Mailinglist Archive: opensuse-security (359 mails)

Re: [suse-security] I´m under DoS attack !
  • From: keith@xxxxxxxxxxxxxxxxxxxxxxxx
  • Date: Sat, 12 Jul 2003 20:16:51 +0000 (GMT)
  • Message-id: <Pine.LNX.4.44.0307122004420.1239-100000@xxxxxxxxxxx>

> It makes no sense at all to add these permanently to your firewall, since an
> attack usually only lasts a couple of hours/days. After the attack subsides,
> remove the rules by
>
> iptables -D INPUT -s IP#1 -j DROP
> iptables -D INPUT -s IP#2 -j DROP
> iptables -D INPUT -s IP#3 -j DROP
>
> If you need logging, you may want to insert additional rules to log the
> dropped packets. Note that a firewall will not help in defending a 'real'
> DDoS attack, this must be stopped at your uplink.


I got the following from the Packet Filtering HOWTO, by
Rusty Russell.

You may need to filter the INPUT chain as well, to protect
your own machine(s).

USE AT YOUR OWN RISK!!!

#------------------------------------------------------#
# NOTE: the ACCEPT rules below only limit traffic if the FORWARD
# chain policy (or a later rule) drops the packets they do not match.
# Each LOG rule is placed after its ACCEPT rule so that only packets
# over the accepted rate are logged.

# Syn-flood protection - accept at most 1 SYN per second
iptables -A FORWARD -p tcp --syn -m limit --limit 1/s -j ACCEPT

# LOG Syn-flood Denial of Service attempts - 10 per hour
iptables -A FORWARD -p tcp --syn -m limit --limit 10/h \
-j LOG --log-prefix 'Syn-flood attack??? '

#------------------------------------------------------#
# Port Scanner protection - accept at most 1 RST per second
iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST RST \
-m limit --limit 1/s -j ACCEPT

# LOG Furtive Port Scanner attempts - 10 per hour
iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST RST \
-m limit --limit 10/h -j LOG --log-prefix 'Port Scanner attack??? '

#------------------------------------------------------#
# Ping of Death protection - accept at most 1 echo-request per second
iptables -A FORWARD -p icmp --icmp-type echo-request \
-m limit --limit 1/s -j ACCEPT

# LOG Ping of Death Denial of Service attempts - 10 per hour
iptables -A FORWARD -p icmp --icmp-type echo-request \
-m limit --limit 10/h -j LOG --log-prefix 'Ping of Death attack??? '

#------------------------------------------------------#

Regards - Keith Roberts
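
How the `limit` match used in the rules above treats a burst of SYNs, as an added example that is not part of the original message or of the HOWTO: a simplified token-bucket model showing which packets a rate-limited LOG rule sees when it sits before or after the rate-limited ACCEPT rule. It assumes iptables' default `--limit-burst` of 5 and a FORWARD policy of DROP; the class and function names and the traffic are constructed for illustration.

```python
# Added example: simplified token-bucket model of the iptables `limit` match.
# Assumptions: default --limit-burst of 5, FORWARD chain policy DROP.

class Limit:
    """Matches while a token is available; refills 1 token per `interval` s."""
    def __init__(self, interval, burst=5):
        self.interval, self.burst = interval, burst
        self.tokens, self.last = float(burst), 0.0

    def match(self, now):
        refill = (now - self.last) / self.interval
        self.tokens = min(self.burst, self.tokens + refill)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False


def run(arrivals, log_first):
    """Pass SYN arrival times (seconds) through the two rules.

    Returns (accepted, dropped, times_logged)."""
    accept = Limit(interval=1.0)     # -m limit --limit 1/s  -j ACCEPT
    log = Limit(interval=360.0)      # -m limit --limit 10/h -j LOG
    accepted, dropped, logged = 0, 0, []
    for t in arrivals:
        if log_first and log.match(t):
            logged.append(t)         # LOG is non-terminating: keep going
        if accept.match(t):
            accepted += 1
            continue
        if not log_first and log.match(t):
            logged.append(t)         # only SYNs over the rate get here
        dropped += 1                 # no rule matched: chain policy DROP
    return accepted, dropped, logged


# Constructed traffic: one SYN every 2 s for a minute, then 200 SYN/s for 2 s.
NORMAL = [i * 2.0 for i in range(30)]
FLOOD = [60.0 + i / 200 for i in range(400)]

if __name__ == "__main__":
    for log_first in (True, False):
        a, d, logged = run(NORMAL + FLOOD, log_first)
        label = "LOG before ACCEPT" if log_first else "LOG after ACCEPT"
        print(f"{label}: accepted={a} dropped={d} logged_at={logged}")
```

With this traffic both orders accept and drop the same packets; only the position of the LOG rule decides whether the five log entries describe ordinary SYNs from the first seconds or SYNs from the flood.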

