hi antonio

On 07/06/16 at 10:29am, Antonio Prado wrote:
> "methods to stop DDoS attacks using iptables" ?

- yup.. one "cannot stop" incoming ddos attacks

there are many ways to mitigate different ddos attacks ..

> "DDoS and iptables" are words that should not stay in the same sentence.
> trying to block a DDoS using iptables is a nonsense,

yup ... but that depends on where iptables is used, at the ISP or at the
server under attack, and also depends on if it is tcp-based attacks or not ...

but without iptables, the ddos attacks are even worse ..

with iptables limit, at least some of the incoming ddos attacks do not
generate any outgoing (useless) reply

without iptables limit, the incoming ddos attacks are doubled with the
useless outgoing replies ( host not avail, service not avail, etc etc )

> actually, because
> that kind of traffic fills the pipe before your iptables-tricks can play
> a role.

and it also uses up your /var/log if you're "crazy" enuff to log things
and it uses cpu/memory ....

and it definitely wastes your time looking for "ddos mitigation" options

or is it not a waste of time to google/yahoo/bing .... you have to do that
sooner or later before the ddos probes/scans get worse and become real
attacks to take your servers or somebody else's servers offline..

magic pixie dust ..
alvin
#
# DDoS-Mitigator.net/Howto
#