
Check whether the netstat output shows a lot of connections in SYN_WAIT / TIME_WAIT / FIN_WAIT. If it does, the cause is the high number of connections. You can reduce these by adding some rules to iptables.

# iptables -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
# iptables -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
# iptables -A INPUT -p tcp --tcp-flags FIN,RST FIN,RST -j DROP
# iptables -A INPUT -p tcp --tcp-flags ACK,FIN FIN -j DROP

# service iptables save
# service iptables restart

Adding rules to sysctl.conf

You can also reduce these by adding some settings to sysctl.conf; the details are given below.

# echo 1 > /proc/sys/net/ipv4/tcp_syncookies

Put following in /etc/sysctl.conf

# Enable TCP SYN cookie protection
net.ipv4.tcp_syncookies = 1

# Decrease the default value of tcp_fin_timeout
net.ipv4.tcp_fin_timeout = 30

# Turn off the tcp_window_scaling
net.ipv4.tcp_window_scaling = 0

# Turn off the tcp_sack
net.ipv4.tcp_sack = 0


Then execute the command:

A quick and useful command for checking whether a server is under DDoS is:

# netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

Reference : http://linuxhow2.net/?p=9
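
The one-liner above counts every socket per remote address regardless of state, and `cut -d: -f1` truncates IPv6 addresses. The following is an added example, not part of the original post: it counts connections per TCP state and half-open (SYN_RECV) connections per remote IP. The function names, the threshold of 3 and the sample input are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): summarise `netstat -ant` output.

# Constructed sample input; all addresses come from documentation ranges.
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:80           198.51.100.7:40112      SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.7:40113      SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.7:40114      SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.5:51000       ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.5:51001       TIME_WAIT
tcp6       0      0 2001:db8::10:80         2001:db8::bad:33000     SYN_RECV
tcp6       0      0 2001:db8::10:80         2001:db8::bad:33001     SYN_RECV
EOF
}

# Print "count state" for every TCP line on stdin, highest count first.
# Header lines are skipped because their first field does not start with "tcp".
state_summary() {
    awk '$1 ~ /^tcp/ { n[$6]++ } END { for (s in n) print n[s], s }' |
        sort -k1,1nr -k2,2
}

# Print "count ip" for remote hosts holding SYN_RECV sockets, highest first.
# Only the trailing ":port" is stripped, so IPv6 addresses stay intact.
half_open_by_ip() {
    awk '$1 ~ /^tcp/ && $6 == "SYN_RECV" {
             ip = $5; sub(/:[0-9*]+$/, "", ip); n[ip]++
         }
         END { for (ip in n) print n[ip], ip }' |
        sort -k1,1nr -k2,2
}

# Print remote IPs whose half-open count reaches the threshold
# (first argument; the default of 3 is an assumed value, tune it per server).
suspects() {
    half_open_by_ip | awk -v t="${1:-3}" '$1 >= t { print $2 }'
}

# Demo on the constructed sample; live use: netstat -ant | half_open_by_ip
sample_netstat | state_summary
sample_netstat | half_open_by_ip
```

A SYN_RECV count that is large and spread over many remote addresses points at a SYN flood; a large TIME_WAIT count on its own usually reflects normal connection turnover.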


# Set default policies
/sbin/iptables -P INPUT ACCEPT
/sbin/iptables -P OUTPUT ACCEPT
/sbin/iptables -P FORWARD DROP
/sbin/iptables -F
/sbin/iptables -F INPUT
/sbin/iptables -F OUTPUT
/sbin/iptables -F FORWARD
/sbin/iptables -F -t mangle
/sbin/iptables -X
/sbin/iptables -A INPUT -i lo -j ACCEPT
/sbin/iptables -A INPUT -d 127.0.0.0/8 -j REJECT
/sbin/iptables -A INPUT -i eth0 -j ACCEPT
/sbin/iptables -A INPUT -m state --state INVALID -j DROP
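### Chain to DROP too many SYNs ###
### Note: no rule in this listing jumps to syn-flood, and the eth0 ACCEPT rule
### above accepts packets arriving on eth0 before they reach later INPUT rules.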
/sbin/iptables -N syn-flood
/sbin/iptables -A syn-flood -m limit --limit 100/second --limit-burst 150 -j RETURN
/sbin/iptables -A syn-flood -j LOG --log-prefix "SYN flood: "
/sbin/iptables -A syn-flood -j DROP

Reference : http://www.webhostingtalk.com/archive/index.php/t-355411.html

