|
|
嚜
Linux撘瑕之iptables嚗銝槐pt_recentmodule嚗賡餅DDoS餅
" c1 W# w* D9 S( o& n: D3 Z靘憒嚗雿臭誑啣銝chain嚗 iptables -N WEB_SRV_DOS ":WEB_SRV_DOS - [0:0]"
9 h. ?$ f- d5 b% r2 S嗅嚗其誑銝隞歹60蝘吩it port 80/443頞10甈∠IP餅銝西銝靘嚗( l: M! y; i: X4 P% j' J
- iptables -A INPUT -p tcp -m multiport dports 80,443 -j WEB_SRV_DOS
- iptables -A WEB_SRV_DOS -p tcp --syn -m multiport --dports 80,443 -m recent --rcheck --second 60 --hitcount 10 -j LOG --log-prefix "[Possible DOS Attack]"
- iptables -A WEB_SRV_DOS -p tcp --syn -m multiport --dports 80,443 -m recent --rcheck --second 60 --hitcount 10 -j REJECT
- iptables -A WEB_SRV_DOS -p tcp --syn -m multiport --dports 80,443 -m recent --set
- iptables -A WEB_SRV_DOS -p tcp -m multiport --dports 80,443 -j ACCEPT
, {* d2 ~) m3 ?. z# _2 @' O) ~憒雿dmesg唬憿航炊嚗
, c! U! E, T6 F5 T+ H: r, Y0 hhitcount (200) is larger than packets to be remembered (20) ) K) S& D8 y5 O+ O! v
銵函內雿閮剖閬閮蝞甈⊥詨之履pt_recent閮剖銝嚗舫隤踵惺pt_recent moduleip_pkt_list_tot訾閫瘙箝
% P7 P' }3 X6 R- { ~& L; S4 w/ B" L9 v0 ]/ K) @& h
皜祈岫銝銝:( r' c- r3 ~7 P- X3 R4 |! Q3 H
撠皜祈岫site澆箏之 http request [size=13.376px](臭誑撖怎撘靘頝嚗冽雓撌乩犖箸 灸rowser憭TAB嚗銝瑞reload蝬脤)
. O [% Z; @( F. |; ~4 f臭誑潛曉/var/log/message銝剖箇曆閮荔; j/ n1 K, D7 R9 U9 ^# w6 _0 e
May 17 07:12:00 localhost kernel: [Possible DOS Attack]IN=eth0 OUT= MAC=XX:XX:XX:XX:43:77:00:1f:YY:YY:YY:YY SRC=192.168.0.105 DST=192.168.0.102 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=45026 DF PROTO=TCP SPT=59437 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0
- S: J9 f# ]0 ]+ X2 _& _甇斗隞半rowser皜祈岫蝬脤嚗箇遨onnection refused嚗⊥銝(箸閮剖rule爹EJECT)
) e0 l: Y1 ^7 n1 WOK嚗iptablesipt_recent module潭桐其
) ~' E, O3 @5 B: {6 k; ]
! o* b; E& T& [) Q2 z+ w蝯隢嚗
- N2 t( \( t1 B ~) r* _5 ](1) iptables函雯頝臬惜喲餅餅撠嚗撠serverloading敶梢輯撠5 u9 j" k( `' u: x8 M
(2) iptables閮剖銝頛敶改舐其脰風80,443隞亙port
" ^( I7 P, ?8 j& ]& E5 U* }! ^(3) iptables航身摰潛函銝餅嚗箏究erver寥脰靽霅瘀臭誑摰其霈餅撠脣叫erver# B1 o7 h% D5 w, \" y
憒雿舐決S Windows + IIS嚗亙瑕嚗雿臭誑AQTRONIX WebKnight憟鞎餌web application firewall嚗鋆⊿W單脰風DDoS餅賬# h3 K3 n1 P1 c
1 D s: l! F6 f* y
" T9 y+ r5 ^: o9 x9 ^: http://blog.eztable.com/2011/05/17/how-to-prevent-ddos/
$ A6 w, J8 p8 Q; j, v: X# ^+ H$ ~, g/ I
" r- i C1 k. h* \9 I, n$ q) ?! f1 ~================================================% Q) g& g. A$ w+ e' g
菜葫舐IP 隞:
9 W* N; i n! W7 o* w% Vsed 's/ .*//' access.log | sort | uniq -c | sort -n8 [8 O& y4 [: x" Z1 U+ w3 t* D8 \
perl -ne 'print "$1*\n" if m#^((\d+\.){3})#' access.log | sort | uniq -c | sort -n) }, p0 B( K9 w2 e
|
|
|
潸” 2016-10-8 21:08:05
嗉
鈭
霈
