
Check whether it shows a lot of SYN_WAIT / TIME_WAIT / FIN_WAIT. If yes, it's due to the high number of connections. You can reduce these by adding some rules to iptables.

# iptables -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
# iptables -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
# iptables -A INPUT -p tcp --tcp-flags FIN,RST FIN,RST -j DROP
# iptables -A INPUT -p tcp --tcp-flags ACK,FIN FIN -j DROP

# service iptables save
# service iptables restart

Adding rules to sysctl.conf

You can also reduce these by adding some settings to sysctl.conf; the details are given below.

# echo 1 > /proc/sys/net/ipv4/tcp_syncookies

Put the following in /etc/sysctl.conf

# Enable TCP SYN cookie protection
net.ipv4.tcp_syncookies = 1

# Decrease the default value of tcp_fin_timeout (in seconds)
net.ipv4.tcp_fin_timeout = 30

# Turn off TCP window scaling
net.ipv4.tcp_window_scaling = 0

# Turn off TCP selective acknowledgements (SACK)
net.ipv4.tcp_sack = 0


Then execute the command :

A quick and useful command for checking whether a server is under DDoS is:

# netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

Reference : http://linuxhow2.net/?p=9
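The netstat one-liner above counts every socket per address and cuts at the first colon, which truncates IPv6 addresses. The following added example (not from the original page or its reference) goes a step further: it counts connections per state and lists the sources holding the most half-open connections, which Linux netstat labels SYN_RECV. The function names, the sample output and the threshold are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: summarise `netstat -ant` output read from stdin.

# Count TCP sockets per state (column 6 of netstat -ant).
count_states() {
    awk '$1 ~ /^tcp/ { n[$6]++ } END { for (s in n) print n[s], s }' | sort -rn
}

# Count half-open (SYN_RECV) connections per remote address.
# Only the trailing ":port" is stripped, so IPv6 addresses stay intact.
syn_recv_by_source() {
    awk '$1 ~ /^tcp/ && $6 == "SYN_RECV" {
             addr = $5; sub(/:[0-9]+$/, "", addr); n[addr]++
         }
         END { for (a in n) print n[a], a }' | sort -rn
}

# Print the sources holding at least $1 half-open connections.
flag_sources() {
    syn_recv_by_source | awk -v t="$1" '$1 >= t { print $2 }'
}

# Constructed sample of `netstat -ant` output (documentation address ranges).
SAMPLE='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:80           198.51.100.7:40112      SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.7:40113      SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.7:40114      SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.5:51522       SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.9:51000       ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.9:51001       TIME_WAIT
tcp6       0      0 2001:db8::10:80         2001:db8::beef:40000    SYN_RECV'

# Stand-alone run: state summary, then sources with 3 or more half-open connections.
printf '%s\n' "$SAMPLE" | count_states
printf '%s\n' "$SAMPLE" | flag_sources 3
```

On a live host, pipe real output in instead of the sample, for example `netstat -ant | flag_sources 20`; the threshold of 20 is an arbitrary starting point to tune against normal traffic.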


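# Set default policies
/sbin/iptables -P INPUT ACCEPT
/sbin/iptables -P OUTPUT ACCEPT
/sbin/iptables -P FORWARD DROP
# Flush existing rules (filter and mangle tables) and delete user-defined chains
/sbin/iptables -F
/sbin/iptables -F INPUT
/sbin/iptables -F OUTPUT
/sbin/iptables -F FORWARD
/sbin/iptables -F -t mangle
/sbin/iptables -X
# Allow loopback traffic; reject packets addressed to 127.0.0.0/8 that arrive on any other interface
/sbin/iptables -A INPUT -i lo -j ACCEPT
/sbin/iptables -A INPUT -d 127.0.0.0/8 -j REJECT
# Note: this rule accepts everything arriving on eth0, so rules appended after it never see eth0 traffic
/sbin/iptables -A INPUT -i eth0 -j ACCEPT
# Drop packets that connection tracking marks as INVALID
/sbin/iptables -A INPUT -m state --state INVALID -j DROP
### chains to DROP too many SYN-s ######
# Packets within 100/second (burst 150) return to the calling chain; the rest are logged and dropped.
# The chain only takes effect once a rule in INPUT jumps to it (-j syn-flood); no such rule is listed here.
/sbin/iptables -N syn-flood
/sbin/iptables -A syn-flood -m limit --limit 100/second --limit-burst 150 -j RETURN
/sbin/iptables -A syn-flood -j LOG --log-prefix "SYN flood: "
/sbin/iptables -A syn-flood -j DROP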

Reference : http://www.webhostingtalk.com/archive/index.php/t-355411.html

