LinuxQuestions.org
Old 05-14-2014, 07:08 AM   #1
postcd
How to be immune to basic UDP/any port attack flood?


Hello,

On the server I have ConfigServer Firewall and iptables. I would like the server to be safe from a basic UDP flood and any port attack flood.
http://img703.imageshack.us/img703/3935/35039950.png
https://1.bp.blogspot.com/-rDgZndKmy...s1600/ddos.png

So I want to ask if you can advise on which setting to look up or which software to use?

For example, CSF mentioned above has this option:
Quote:
16. Port Flood Protection
#########################

This option configures iptables to offer protection from DOS attacks against
specific ports. This option limits the number of connections per time interval
that new connections can be made to specific ports.
I have ports 22 and 80 protected, but I'm not sure if others are vulnerable to this attack.

Will this really protect me from these basic non-distributed flood attacks, or what do you recommend?
 
Old 05-15-2014, 08:57 AM   #2
Linux_Kidd
Well, DoS/DDoS protection means you need a way to mitigate the issue, not only at host level but at network level too. Thus many people are turning to services like Arbor and DOSarrest. However, if it's a host on a network you don't control, then the mitigation tactic at host level might save the host from port exhaustion (or other issues like too many sockets in TIME_WAIT state), but this is not true DoS/DDoS protection.

And yes, what you posted is a basic form of protecting the service port from sequential fast connections. Not sure if it's src IP based or not... and depending on the thresholds you could inadvertently deny legit connections, etc.
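
To make the two caveats in the reply above concrete (whether the limit is keyed on source IP, and thresholds denying legitimate connections), here is an added example, not code from the thread or from CSF: a small Python model of a "hit count per interval" limit replayed over a constructed trace. The 20-per-5-seconds threshold, the addresses, and the choice that dropped attempts keep counting towards the limit are assumptions of this sketch, not CSF's documented behaviour.

```python
from collections import defaultdict, deque

def replay(events, hit_count, interval_ms, per_source=True):
    """Replay (time_ms, src_ip) new-connection attempts through a limit of
    `hit_count` new connections per `interval_ms`.
    Returns {src_ip: (accepted, dropped)}."""
    recent = defaultdict(deque)            # bucket key -> attempt timestamps
    tally = defaultdict(lambda: [0, 0])
    for t, src in sorted(events):
        seen = recent[src if per_source else "*"]
        while seen and t - seen[0] >= interval_ms:
            seen.popleft()                 # forget attempts older than the window
        over_limit = len(seen) >= hit_count
        seen.append(t)                     # assumption: dropped attempts still count
        tally[src][1 if over_limit else 0] += 1
    return {src: tuple(counts) for src, counts in tally.items()}

def sample_events():
    """Constructed 10-second trace; all addresses are documentation ranges."""
    ev = [(t, "198.51.100.7") for t in range(0, 10_000, 10)]      # one noisy source, 100/s
    ev += [(t, "203.0.113.10") for t in range(0, 10_000, 200)]    # busy NAT gateway, 5/s
    ev += [(t, "203.0.113.50") for t in range(0, 10_000, 1000)]   # ordinary client, 1/s
    ev += [(j * 1000 + i, f"192.0.2.{i}")                         # 200 sources, 5 each
           for i in range(1, 201) for j in range(5)]
    return ev

def summarize(hit_count=20, interval_ms=5000):
    """Run the same trace with a per-source bucket and with one shared bucket."""
    ev = sample_events()
    return {
        "per_source": replay(ev, hit_count, interval_ms, per_source=True),
        "global": replay(ev, hit_count, interval_ms, per_source=False),
    }

if __name__ == "__main__":
    for mode, tally in summarize().items():
        spread = sum(a for s, (a, _) in tally.items() if s.startswith("192.0.2."))
        named = {s: tally[s] for s in ("198.51.100.7", "203.0.113.10", "203.0.113.50")}
        print(mode, named, "accepted from the 200 spread-out sources:", spread)
```

Keyed per source, the noisy address is held to 20 accepted connections, but so is the NAT gateway that many legitimate users share, while 1000 connections spread over 200 addresses all pass, which is the gap network-level mitigation is meant to cover. With one shared bucket the ordinary client gets only 1 of its 10 connections through.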
 
  

