|
|
嚜
Linux撘瑕之iptables嚗銝槐pt_recentmodule嚗賡餅DDoS餅4 l) ^7 B3 J% P2 ]
靘憒嚗雿臭誑啣銝chain嚗 iptables -N WEB_SRV_DOS ":WEB_SRV_DOS - [0:0]"$ y- V8 }7 O! J% Z/ R$ d. g' Y
嗅嚗其誑銝隞歹60蝘吩it port 80/443頞10甈∠IP餅銝西銝靘嚗
: E; j3 g% P3 f, S/ T- iptables -A INPUT -p tcp -m multiport dports 80,443 -j WEB_SRV_DOS
- iptables -A WEB_SRV_DOS -p tcp --syn -m multiport --dports 80,443 -m recent --rcheck --second 60 --hitcount 10 -j LOG --log-prefix "[Possible DOS Attack]"
- iptables -A WEB_SRV_DOS -p tcp --syn -m multiport --dports 80,443 -m recent --rcheck --second 60 --hitcount 10 -j REJECT
- iptables -A WEB_SRV_DOS -p tcp --syn -m multiport --dports 80,443 -m recent --set
- iptables -A WEB_SRV_DOS -p tcp -m multiport --dports 80,443 -j ACCEPT
銴鋆賭誨蝣 3 Q% [ E9 e$ k! `: I) l
憒雿dmesg唬憿航炊嚗 / u; A/ l, m- i$ \" Z
hitcount (200) is larger than packets to be remembered (20) . W3 L! _$ q: e( [& X7 f0 _. w
銵函內雿閮剖閬閮蝞甈⊥詨之履pt_recent閮剖銝嚗舫隤踵惺pt_recent moduleip_pkt_list_tot訾閫瘙箝$ b- Q f* Z7 Q. M0 G
( s; H- m( M K& O0 ?
皜祈岫銝銝:9 \8 x+ n2 O: V {! j. H6 K
撠皜祈岫site澆箏之 http request [size=13.376px](臭誑撖怎撘靘頝嚗冽雓撌乩犖箸 灸rowser憭TAB嚗銝瑞reload蝬脤)) c- a7 O7 F6 v# \0 W$ x, c. L' s4 d
臭誑潛曉/var/log/message銝剖箇曆閮荔
/ @6 P9 l8 o- ^: x0 ]" a5 o% LMay 17 07:12:00 localhost kernel: [Possible DOS Attack]IN=eth0 OUT= MAC=XX:XX:XX:XX:43:77:00:1f:YY:YY:YY:YY SRC=192.168.0.105 DST=192.168.0.102 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=45026 DF PROTO=TCP SPT=59437 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0; W! P$ ?' J& y, J8 x
甇斗隞半rowser皜祈岫蝬脤嚗箇遨onnection refused嚗⊥銝(箸閮剖rule爹EJECT)$ K1 V3 H' S, ^
OK嚗iptablesipt_recent module潭桐其
1 n2 {& M3 R, z; Q9 n6 o' g; x% i5 k% q8 T1 R$ I2 `
蝯隢嚗! @" \5 N% R; n: m2 s( d" u
(1) iptables函雯頝臬惜喲餅餅撠嚗撠serverloading敶梢輯撠
( V t' q) \! X5 I+ U6 s(2) iptables閮剖銝頛敶改舐其脰風80,443隞亙port
& d: k) q/ d' d+ w4 E* {" q(3) iptables航身摰潛函銝餅嚗箏究erver寥脰靽霅瘀臭誑摰其霈餅撠脣叫erver( D$ C0 q) L+ Q4 E$ `
憒雿舐決S Windows + IIS嚗亙瑕嚗雿臭誑AQTRONIX WebKnight憟鞎餌web application firewall嚗鋆⊿W單脰風DDoS餅賬
2 x$ O, `% C7 D: p% C
( B- S& k7 o, ~+ w+ x0 M2 H: l0 q6 G
: http://blog.eztable.com/2011/05/17/how-to-prevent-ddos/
8 z, [5 B( Y6 v9 }( R6 J+ V( U' F. G& T( R1 R
================================================
# h$ C6 K/ i# O/ T$ n菜葫舐IP 隞:
7 j' W4 a0 m- D8 ysed 's/ .*//' access.log | sort | uniq -c | sort -n
0 |8 L$ Z6 g' s( [& xperl -ne 'print "$1*\n" if m#^((\d+\.){3})#' access.log | sort | uniq -c | sort -n
5 t0 B) }$ V) H) y# p# V |
|
|