LinuxQuestions.org
Linux - Server This forum is for the discussion of Linux Software used in a server related context.
Old 04-26-2011, 08:06 PM   #1
seisatsu
LQ Newbie
 
Registered: Apr 2011
Posts: 1

How can I lessen the impact of bandwidth attacks with IPTables or APF?


My server has been the repeated victim of bandwidth attacks: any large file on the server is downloaded repeatedly, with the goal of pushing the server over the provider's bandwidth limit.

How can I lessen the effect of these kinds of attacks with IPTables or APF? For example, can I set the server to:

Code:
Block V IP that downloads W file over X size more than Y times per Z time.
Or something similar? Is this possible? Is there a more effective way, and can a firewall even do this? My web server is Lighttpd; perhaps I can place such a rule directly in its config?

Last edited by seisatsu; 05-01-2011 at 12:29 AM.
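The rule sketched in the question ("block IP V that downloads a file over X bytes more than Y times per Z time") cannot be expressed in iptables alone, because the firewall sees packets, not files or response sizes. The access log does carry both, so the following is an added example (not code from the thread or from any poster) that applies the rule to lighttpd access-log lines in its default log format and prints the iptables command it would use for each offender instead of running it. The log lines, addresses, file name and thresholds are constructed sample values, and the script assumes the lines arrive in time order, as a log file does. It goes slightly beyond the question's wording by counting any large response per client rather than one specific file, so a client rotating between several large files is caught too.

```python
#!/usr/bin/env python3
"""Added example (not from the thread): apply the rule
"block IP V that downloads a file over X bytes more than Y times per Z time"
to lighttpd access-log lines. The sample log lines, addresses and thresholds
below are constructed; the script prints the iptables commands it would use
instead of running them."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# lighttpd's default accesslog.format:
#   %h %V %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-)'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

# Thresholds (X, Y, Z from the question); these values are assumptions.
MIN_BYTES = 100 * 1024 * 1024      # X: only count responses larger than 100 MB
MAX_HITS = 5                       # Y: more than this many in the window is abuse
WINDOW = timedelta(minutes=5)      # Z: length of the sliding window

# Constructed sample log: one client pulls a 700 MB ISO six times in under a
# minute, one client fetches it twice, one client only reads the index page.
SAMPLE_LOG = [
    '203.0.113.5 example.org - [26/Apr/2011:20:00:00 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 example.org - [26/Apr/2011:20:00:03 +0000] "GET /iso/big.iso HTTP/1.1" 200 734003200 "-" "curl/7.21"',
] + [
    f'192.0.2.10 example.org - [26/Apr/2011:20:00:{10 + 8 * i:02d} +0000] "GET /iso/big.iso HTTP/1.1" 200 734003200 "-" "Wget/1.12"'
    for i in range(6)
] + [
    '198.51.100.7 example.org - [26/Apr/2011:20:01:30 +0000] "GET /iso/big.iso HTTP/1.1" 200 734003200 "-" "curl/7.21"',
    'garbage line that does not parse',
]


def parse_line(line):
    """Return the fields we need from one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    size = m.group("bytes")
    return {
        "ip": m.group("ip"),
        "ts": datetime.strptime(m.group("ts"), TS_FMT),
        "path": m.group("path"),
        "status": int(m.group("status")),
        "bytes": 0 if size == "-" else int(size),
    }


def find_offenders(lines, min_bytes, max_hits, window):
    """Return {ip: hits} for every client that received more than max_hits
    responses larger than min_bytes within any sliding window of length `window`.
    Lines are assumed to be in time order (as in a log file)."""
    recent = defaultdict(deque)  # ip -> timestamps of its recent large downloads
    offenders = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["bytes"] < min_bytes:
            continue
        q = recent[rec["ip"]]
        q.append(rec["ts"])
        while q and rec["ts"] - q[0] > window:  # drop hits that fell out of the window
            q.popleft()
        if len(q) > max_hits:
            offenders[rec["ip"]] = max(offenders.get(rec["ip"], 0), len(q))
    return offenders


def block_command(ip):
    """The iptables rule that would reset further web connections from ip.
    Only returned as text here; running it needs root on the server."""
    return f"iptables -I INPUT -s {ip} -p tcp --dport 80 -j REJECT --reject-with tcp-reset"


if __name__ == "__main__":
    hits = find_offenders(SAMPLE_LOG, MIN_BYTES, MAX_HITS, WINDOW)
    for ip, n in sorted(hits.items()):
        print(f"# {ip}: {n} large downloads within {WINDOW}")
        print(block_command(ip))
```

Fed the real log instead of SAMPLE_LOG (for instance by tailing /var/log/lighttpd/access.log from a cron job or a loop like the one in the reply below), the same function yields the offending addresses; keeping the block step separate from the detection step makes it easy to review the list before any rule is inserted.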
 
Old 04-27-2011, 01:51 AM   #2
EricTRA
LQ Guru
 
Registered: May 2009
Location: Gibraltar, Gibraltar
Distribution: Fedora 20 with Awesome WM
Posts: 6,805
Blog Entries: 1

Hello and Welcome to LinuxQuestions,

Here's a script I found on the internet a while ago (sorry, I don't remember the link, so I cannot give credit where credit is due). This script limits the number of connections from the same IP. You can easily adapt it to your needs if you have some Bash experience. Hope it helps.

Code:
#! /bin/bash

while true ;
do
	for ip in `lsof -ni | grep httpd | grep -iv listen | awk '{print $9}' | cut -d : -f 2 | sort | uniq | sed s/"http->"//` ;
	# the line above gets the list of all connections and connection attempts, and produces a list of uniq IPs
	# and iterates through the list ("httpd" also matches lighttpd's process name; NAME is the 9th column
	# of lsof -ni output: COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME)
	do
		noconns=`lsof -ni | grep httpd | grep -c "$ip"`;
		# This finds how many web server connections there are from this particular IP address
		echo $ip : $noconns ;
		if [ "$noconns" -gt "10" ] ;
		# if there are more than 10 connections established or connecting from this IP
		then
			# echo More;
			# echo `date` "$ip has $noconns connections.  Total connections to prod spider:  `lsof -ni | grep httpd | grep -iv listen | wc -l`" >>/var/log/Ddos/Ddos.log
			# to keep track of the IPs uncomment the above two lines and make sure you can write to the appropriate place
			iptables -C INPUT -s $ip -p tcp -j REJECT --reject-with tcp-reset 2>/dev/null || \
			iptables -I INPUT -s $ip -p tcp -j REJECT --reject-with tcp-reset
			# for these connections, add an iptables statement to send resets on any packets received
			# (the -C check first avoids inserting a duplicate rule on every pass for an IP that is already blocked)
		else
			: # echo Less;  (an else branch that holds only a comment is a syntax error, so ":" is a no-op placeholder)
		fi;
	done
sleep 60
done
Kind regards,

Eric
 
All times are GMT -5.