iptables to protect an OpenVPN server from DoS attacks
Good morning.
I have an OpenVPN server on Debian 8.1.
The OpenVPN daemon is listening on TCP port 443.
I have detected that if an OpenVPN user runs a script to initiate multiple OpenVPN connections (a DoS attack on tcp/443), the script can crash the OpenVPN service on the server.
I tested this with a simple script. When I run the attack, I can see hundreds of tcp/443 connections from the same source IP with netstat:
netstat -putan | grep 443 | awk '{print $5}' | cut -d ":" -f1 | sort | uniq -c
743 X.X.X.X
where 743 is the number of tcp/443 connections from the same IP.
I would like to know how I can protect against this attack with iptables rules.
I have applied this iptables rule to limit connections:
/sbin/iptables -I INPUT -p tcp --syn --dport 443 -m connlimit --connlimit-above 20 -j REJECT --reject-with tcp-reset
But when I run the script again, I see in netstat that there are again hundreds of connections (in SYN_RECV, ESTABLISHED, TIME_WAIT and FIN_WAIT2 states) from the same source IP.
I am a newbie with iptables.
Thanks!
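The following is an added example that is not part of the original post and not the poster's own script. It generates an iptables rule set that combines the connlimit rule from the question with a hashlimit rule that throttles the rate of new connections per source IP (the churn of SYN_RECV/TIME_WAIT entries that a single concurrency cap does not stop), and it includes a small checker that counts connections per remote IP from netstat output. The port (443), chain name (OPENVPN_GUARD), thresholds (20 concurrent, 10 new per minute with a burst of 20) and the sample netstat lines are all assumptions for the example, not values from the post.

```shell
#!/bin/sh
# Added example, not code from the original post. Builds (and optionally
# applies) an iptables rule set that throttles one source IP hammering the
# OpenVPN TCP port, plus a checker for per-source connection counts.
# Assumed values (not from the post): port 443, chain OPENVPN_GUARD,
# 20 concurrent connections and 10 new connections/minute (burst 20) per IP.
set -eu

PORT="${OVPN_PORT:-443}"
CHAIN="${OVPN_CHAIN:-OPENVPN_GUARD}"
MAX_CONN="${OVPN_MAX_CONN:-20}"
SYN_RATE="${OVPN_SYN_RATE:-10/minute}"
SYN_BURST="${OVPN_SYN_BURST:-20}"

# Emit the rule set in iptables-restore syntax (filter table only). Emitting
# text instead of calling iptables directly lets the rules be reviewed and
# tested before they touch the live firewall.
ovpn_rules() {
  cat <<EOF
*filter
:${CHAIN} - [0:0]
# Every new (SYN) connection to the VPN port goes through the guard chain.
-I INPUT -p tcp --syn --dport ${PORT} -j ${CHAIN}
# 1) Cap concurrent connections per source IP. DROP instead of a TCP reset:
#    a dropped SYN leaves the client's connect() retransmitting with backoff,
#    which slows a synchronous attack loop far more than an instant RST.
-A ${CHAIN} -m connlimit --connlimit-above ${MAX_CONN} --connlimit-mask 32 -j DROP
# 2) Rate-limit new connections per source IP, so a client that opens and
#    closes sessions quickly (SYN_RECV / TIME_WAIT churn) is throttled even
#    though it never holds many connections open at the same time.
-A ${CHAIN} -m hashlimit --hashlimit-name ovpn_syn --hashlimit-mode srcip --hashlimit-above ${SYN_RATE} --hashlimit-burst ${SYN_BURST} -j DROP
# 3) Traffic under both limits continues through INPUT as before.
-A ${CHAIN} -j RETURN
COMMIT
EOF
}

# Load the rules without flushing existing chains (-n). Needs root.
apply_ovpn_rules() {
  ovpn_rules | iptables-restore -n
}

# Count connections to a port per remote IPv4 address from "netstat -tan"
# style output on stdin. Usage: netstat -tan | count_by_source 443
count_by_source() {
  awk -v port="$1" '
    $1 == "tcp" && $4 ~ (":" port "$") {
      split($5, peer, ":"); n[peer[1]]++
    }
    END { for (ip in n) print n[ip], ip }' | sort -rn
}

# Constructed sample in the layout of "netstat -tan" (not real data), so the
# checker can be exercised offline.
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 10.0.0.5:443            192.0.2.10:50001        ESTABLISHED
tcp        0      0 10.0.0.5:443            192.0.2.10:50002        SYN_RECV
tcp        0      0 10.0.0.5:443            192.0.2.10:50003        TIME_WAIT
tcp        0      0 10.0.0.5:443            198.51.100.7:41000      ESTABLISHED
tcp        0      0 10.0.0.5:22             192.0.2.10:50004        ESTABLISHED'

if [ "${1:-}" = "--apply" ]; then
  apply_ovpn_rules
else
  ovpn_rules
fi
```

Run it without arguments to print the rules and review them; run it as root with --apply to load them. Because the script uses iptables-restore -n (no flush), running --apply twice appends the rules a second time, so delete the guard chain (iptables -D INPUT ... ; iptables -F OPENVPN_GUARD ; iptables -X OPENVPN_GUARD) before re-applying. Both connlimit and hashlimit are standard netfilter matches shipped with Debian's iptables; check `iptables -L OPENVPN_GUARD -n -v` afterwards to see the drop counters rise while the test script runs.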