Using iptables firewall against syn flood attacks
Could someone help with configuring an iptables firewall using hashlimits against SYN flood attacks? On my other 'test' PC I've got a tool named PortFuck. With the tool I can put my server offline; it's flooding SYN attacks. I've tried to use a lot of stuff like APF/mod_evasive/DoS Deflate, but all that software doesn't work against the hardness of the flood. A long time ago someone configured my iptables firewall with fwlogwatch and it blocked the flood; the server didn't go offline! But I lost all the files and settings (damn bad!). I've heard something about hashlimits in CentOS 5 (with the newest kernel). Could someone write me a working iptables firewall against SYN floods?
Regards.
I'm too drunk to remember the exact syntax, but there's a --limit option for iptables... something like --limit 10/min from an IP address should cover such attacks.
Urgh... OK, I've used Google many times, but I can't find the iptables rules I am looking for.
I'm sorry, I can't completely understand the way you have phrased the question; however, does either of these help at all?
http://www.cyberciti.biz/tips/howto-...n-attacks.html
http://www.securityfocus.com/infocus/1729
If they fail, perhaps a more general description of firewalls:
http://www.linuxhomenetworking.com/w...Using_iptables or http://www.yolinux.com/TUTORIALS/Lin...rkGateway.html
Alternatively, and if all else fails, there is this bit of light reading: http://iptables-tutorial.frozentux.n...tml/index.html. A lovely bit of work, but not lightweight.
Quote:
# sysctl net.ipv4.tcp_syncookies=1
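The original question asks for a hashlimit-based ruleset, the first reply mentions iptables' per-source rate limiting, and the post above quotes the tcp_syncookies sysctl. The script below, added here as an example and not posted by anyone in this thread, ties those together: it enables SYN cookies and adds a SYN_LIMIT chain that counts new TCP connections per source IP with the hashlimit match, returns to normal processing while a source stays under the rate, and logs (rate-limited) and drops once it goes over. It assumes IPv4, iptables with the hashlimit and state matches, and uses the older "--hashlimit RATE" spelling so it works on the iptables shipped with CentOS 5 as well as newer releases (where it is an alias of --hashlimit-upto). The rate, burst and table expiry values are illustrative starting points chosen for this example, not tuned figures; the chain name SYN_LIMIT and the environment variables SYN_RATE/SYN_BURST are this example's own.

```shell
#!/bin/sh
# Added example, not from this thread: per-source SYN rate limiting with the
# iptables hashlimit match, plus the tcp_syncookies sysctl quoted above.
# Assumptions: IPv4 only; iptables with the hashlimit and state matches; the
# rate/burst/expiry numbers are illustrative and should be tuned per host.

SYN_RATE=${SYN_RATE:-20/second}   # new connections allowed per source IP (assumed default)
SYN_BURST=${SYN_BURST:-40}        # initial credit before the rate applies (assumed default)

# valid_rate RATE: accept only "N/unit" with a positive N and a full unit name
# (second, minute, hour, day), so a typo cannot silently become a bad rule.
valid_rate() {
    n=${1%%/*}
    u=${1#*/}
    case "$n" in ''|*[!0-9]*|0*) return 1 ;; esac
    case "$u" in second|minute|hour|day) return 0 ;; *) return 1 ;; esac
}

# syn_limit_rules: print the ruleset so it can be reviewed before it is applied.
# Under the rate: RETURN to INPUT and let the normal rules decide.
# Over the rate: log at most 5 lines/minute (so the log itself is not flooded), then DROP.
syn_limit_rules() {
    valid_rate "$SYN_RATE" || { echo "bad SYN_RATE: $SYN_RATE" >&2; return 1; }
    cat <<EOF
sysctl -w net.ipv4.tcp_syncookies=1
iptables -N SYN_LIMIT
iptables -A SYN_LIMIT -m hashlimit --hashlimit $SYN_RATE --hashlimit-burst $SYN_BURST --hashlimit-mode srcip --hashlimit-name syn_per_src --hashlimit-htable-expire 60000 -j RETURN
iptables -A SYN_LIMIT -m limit --limit 5/minute -j LOG --log-prefix "SYN_LIMIT drop: "
iptables -A SYN_LIMIT -j DROP
iptables -I INPUT 1 -p tcp --syn -m state --state NEW -j SYN_LIMIT
EOF
}

# syn_limit_apply: run the printed commands (root only). Re-running it fails on
# "iptables -N" if the chain already exists; flush or delete SYN_LIMIT first.
syn_limit_apply() {
    [ "$(id -u)" -eq 0 ] || { echo "must run as root" >&2; return 1; }
    syn_limit_rules | sh -e
}

# Usage: sh synlimit.sh        -> print the rules for review
#        sh synlimit.sh apply  -> apply them
case "${1:-show}" in
    apply) syn_limit_apply ;;
    show)  syn_limit_rules ;;
esac
```

Placing the chain at the top of INPUT means only the SYN of a new connection is counted; established traffic never touches the hashlimit table. Watch `/var/log/messages` (or wherever the kernel log lands) for the "SYN_LIMIT drop:" prefix to see which sources are being limited, and lower or raise SYN_RATE from there; with SYN cookies on as well, a half-open queue that does fill up no longer takes the listener down.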