Skip to content

조회 수 9257 추천 수 0 댓글 0
?

단축키

Prev이전 문서

Next다음 문서

크게 작게 위로 아래로 댓글로 가기 인쇄
?

단축키

Prev이전 문서

Next다음 문서

크게 작게 위로 아래로 댓글로 가기 인쇄

Check whether it shows lot of SYN_WAIT / TIME_WAIT / FIN_WAIT. If yes its due to the high number of connections. You can reduce these by adding some rules to the Iptables.

# iptables -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
# iptables -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
# iptables -A INPUT -p tcp --tcp-flags FIN,RST FIN,RST -j DROP
# iptables -A INPUT -p tcp --tcp-flags ACK,FIN FIN -j DROP

# service iptables save
# service iptables restart

Adding rules to sysctl.conf

Also you can reduce these by adding some rules to sysctl.conf, the details given below.

# echo 1 > /proc/sys/net/ipv4/tcp_syncookies

Put following in /etc/sysctl.conf

# Enable TCP SYN cookie protection
net.ipv4.tcp_syncookies = 1

# Decrease the time default value for tcp_fin_timeout connection
net.ipv4.tcp_fin_timeout = 30

# Turn off the tcp_window_scaling
net.ipv4.tcp_window_scaling = 0

# Turn off the tcp_sack
net.ipv4.tcp_sack = 0


Then execute the command :

A quick and usefull command for checking if a server is under ddos is:

# netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

Reference : http://linuxhow2.net/?p=9


# Set default policies
/sbin/iptables -P INPUT ACCEPT
/sbin/iptables -P OUTPUT ACCEPT
/sbin/iptables -P FORWARD DROP
/sbin/iptables -F
/sbin/iptables -F INPUT
/sbin/iptables -F OUTPUT
/sbin/iptables -F FORWARD
/sbin/iptables -F -t mangle
/sbin/iptables -X
/sbin/iptables -A INPUT -i lo -j ACCEPT
/sbin/iptables -A INPUT -d 127.0.0.0/8 -j REJECT
/sbin/iptables -A INPUT -i eth0 -j ACCEPT
/sbin/iptables -A INPUT -m state --state INVALID -j DROP
### chains to DROP too many SYN-s ######
/sbin/iptables -N syn-flood
/sbin/iptables -A syn-flood -m limit --limit 100/second --limit-burst 150 -j RETURN
/sbin/iptables -A syn-flood -j LOG --log-prefix "SYN flood: "
/sbin/iptables -A syn-flood -j DROP

Reference : http://www.webhostingtalk.com/archive/index.php/t-355411.html


  1. 서버종합점검[리눅스]

    Date2009.05.28 ByADMINPLAY Views8413
    Read More
  2. iptables 명령어로 ip 차단 법.

    Date2009.05.28 ByADMINPLAY Views9331
    Read More
  3. 서버의 iptable 보안설정 일부분

    Date2009.05.28 ByADMINPLAY Views8856
    Read More
  4. DDOS - iptables 방화벽 초간단 문서

    Date2009.05.28 ByADMINPLAY Views12358
    Read More
  5. iptables 설정, centos64 설치 간단셋팅

    Date2009.05.28 ByADMINPLAY Views8896
    Read More
  6. iptables/sysctl을 이용하여 DDOS SYN 공격 방어하기

    Date2009.05.28 ByADMINPLAY Views9257
    Read More
  7. iptables 기본

    Date2009.05.22 ByADMINPLAY Views8444
    Read More
  8. 간단한 보안 설정 (TCP Wrapper)

    Date2009.05.22 ByADMINPLAY Views8989
    Read More
  9. DOS Attack을 막기 위한 간단한 방법

    Date2009.05.22 ByADMINPLAY Views9618
    Read More
  10. 기본 tcpdump사용법

    Date2009.05.22 ByADMINPLAY Views11740
    Read More
  11. SQL 인젝션(injection) 프로그램 15종

    Date2009.05.22 ByADMINPLAY Views12574
    Read More
  12. 해킹툴이 사용하는 포트번호

    Date2009.05.22 ByADMINPLAY Views9864
    Read More
  13. 접속 로그파일 보기(wtmp)

    Date2009.05.11 ByADMINPLAY Views13941
    Read More
  14. 국가별로 접속 차단설정(geoip 설치)

    Date2009.05.10 ByADMINPLAY Views10463
    Read More
  15. mod_evasive를 이용한 웹Dos 공격을 막자

    Date2009.05.07 ByADMINPLAY Views9474
    Read More
  16. 보안서버 SSL 구동시 비밀번호 자동 입력 및 부팅시 자동 ...

    Date2009.03.23 ByADMINPLAY Views9372
    Read More
  17. apache 웹방화벽 모듈 modsecurity용 웹설정 툴, Remo

    Date2009.03.17 ByADMINPLAY Views10090
    Read More
  18. 최신 버전으로 구축하는 웹 파이어월, modsecurity

    Date2009.03.17 ByADMINPLAY Views12903
    Read More
  19. 리눅스 아이피 차단 해제

    Date2009.03.11 ByADMINPLAY Views10585
    Read More
  20. 보안서버구축 - SSL(설치 및 키생성)

    Date2009.01.04 ByADMIN Views10517
    Read More
Board Pagination Prev 1 2 3 4 5 Next
/ 5

Copyright ADMINPLAY corp. All rights reserved.

abcXYZ, 세종대왕,1234

abcXYZ, 세종대왕,1234