Linux firewall iptables: using the ipt_recent module to fend off DDoS attacks

For example, first create a dedicated chain: iptables -N WEB_SRV_DOS (in iptables-save output it appears as ":WEB_SRV_DOS - [0:0]").
Then add the following rules, so that an IP which hits port 80/443 more than 10 times within 60 seconds has its connections rejected:
- iptables -A INPUT -p tcp -m multiport --dports 80,443 -j WEB_SRV_DOS
- iptables -A WEB_SRV_DOS -p tcp --syn -m multiport --dports 80,443 -m recent --rcheck --seconds 60 --hitcount 10 -j LOG --log-prefix "[Possible DOS Attack]"
- iptables -A WEB_SRV_DOS -p tcp --syn -m multiport --dports 80,443 -m recent --rcheck --seconds 60 --hitcount 10 -j REJECT
- iptables -A WEB_SRV_DOS -p tcp --syn -m multiport --dports 80,443 -m recent --set
- iptables -A WEB_SRV_DOS -p tcp -m multiport --dports 80,443 -j ACCEPT
The order matters: the two --rcheck rules only match once the source already has 10 SYNs recorded within the last 60 seconds; every SYN that gets past them is recorded by --set, while a rejected SYN is not.
If you see this error in dmesg:
hitcount (200) is larger than packets to be remembered (20)
it means the hitcount you configured exceeds the number of packets ipt_recent remembers per address (20 here); raise the ip_pkt_list_tot parameter of the ipt_recent module to fix it.
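To make the behaviour of the chain above concrete, here is an added Python model (not the post's code and not kernel code): RecentTable mimics the per-address ring of the last ip_pkt_list_tot timestamps that the module keeps, and WebSrvDosChain replays the rule order (rcheck, LOG/REJECT, set, ACCEPT) for a stream of SYNs. The class and function names, the constructed SYN timings and the 192.168.0.x addresses are assumptions for the illustration; the load-time check reproduces the dmesg message quoted above.

```python
"""Added model of the WEB_SRV_DOS chain under the ipt_recent match.
Not the original post's code or the kernel module; names and traffic
are constructed for illustration."""
from collections import deque

IP_PKT_LIST_TOT_DEFAULT = 20   # module parameter: timestamps remembered per address


class RecentTable:
    """Per-source list of the most recent ip_pkt_list_tot packet timestamps."""

    def __init__(self, ip_pkt_list_tot=IP_PKT_LIST_TOT_DEFAULT):
        self.ip_pkt_list_tot = ip_pkt_list_tot
        self.entries = {}          # src -> deque of timestamps, oldest first

    def set(self, src, now):
        """-m recent --set: list src and record one more timestamp.
        maxlen reproduces the ring buffer: once ip_pkt_list_tot stamps are
        stored, the oldest one is overwritten."""
        stamps = self.entries.setdefault(src, deque(maxlen=self.ip_pkt_list_tot))
        stamps.append(now)

    def rcheck(self, src, now, seconds, hitcount):
        """-m recent --rcheck --seconds S --hitcount H: true when src is listed
        and at least H of its remembered stamps fall within the last S seconds."""
        stamps = self.entries.get(src)
        if stamps is None:
            return False
        hits = sum(1 for t in stamps if now - t <= seconds)
        return hits >= hitcount


class WebSrvDosChain:
    """Replay of the WEB_SRV_DOS rules for TCP SYNs to ports 80/443."""

    def __init__(self, seconds=60, hitcount=10, ip_pkt_list_tot=IP_PKT_LIST_TOT_DEFAULT):
        # The module refuses a rule whose hitcount exceeds the stamps it keeps;
        # this is the dmesg error the post quotes.
        if hitcount > ip_pkt_list_tot:
            raise ValueError(
                f"hitcount ({hitcount}) is larger than packets to be remembered ({ip_pkt_list_tot})")
        self.seconds = seconds
        self.hitcount = hitcount
        self.table = RecentTable(ip_pkt_list_tot)
        self.log = []              # what the LOG target would emit

    def syn(self, src, now):
        """Verdict for one SYN from src at time `now` (seconds)."""
        if self.table.rcheck(src, now, self.seconds, self.hitcount):
            self.log.append(f"[Possible DOS Attack] SRC={src} t={now}")   # LOG rule
            return "REJECT"        # REJECT terminates: the --set rule is never reached
        self.table.set(src, now)   # --set rule: remember this SYN
        return "ACCEPT"            # final ACCEPT rule


def simulate(chain, src, times):
    """Feed SYNs from src at the given timestamps; return the verdict list."""
    return [chain.syn(src, t) for t in times]


def rule_load_error(hitcount, ip_pkt_list_tot=IP_PKT_LIST_TOT_DEFAULT):
    """Return the load-time complaint for these values, or None if the rule loads."""
    try:
        WebSrvDosChain(hitcount=hitcount, ip_pkt_list_tot=ip_pkt_list_tot)
    except ValueError as e:
        return str(e)
    return None


if __name__ == "__main__":
    chain = WebSrvDosChain(seconds=60, hitcount=10)
    # Constructed traffic: one client sends a SYN every second for 12 seconds,
    # goes quiet, then comes back more than 60 s after its last accepted SYN.
    times = list(range(12)) + [80]
    for t, verdict in zip(times, simulate(chain, "192.168.0.105", times)):
        print(f"t={t:3d}s  {verdict}")
    print("\n".join(chain.log))
    print(rule_load_error(200, 20))
```

Replaying the constructed traffic shows the tenth SYN still accepted, the eleventh and twelfth rejected and logged, and the client accepted again once its remembered stamps have aged out of the 60-second window. Because REJECT stops the packet before the --set rule, a blocked client is not re-stamped while blocked, so the block lapses on its own after the window; a rule using --update instead of --rcheck on the REJECT line would keep extending it while the client keeps trying.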
Test it:
Fire a large number of HTTP requests at the test site (you could write a small program for this, but the simplest way is to open many browser tabs and keep reloading the page).
You should then see messages like this in /var/log/messages:
May 17 07:12:00 localhost kernel: [Possible DOS Attack]IN=eth0 OUT= MAC=XX:XX:XX:XX:43:77:00:1f:YY:YY:YY:YY SRC=192.168.0.105 DST=192.168.0.102 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=45026 DF PROTO=TCP SPT=59437 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0
If you now reload the page in the browser you get "connection refused" and cannot connect (because the rule's target is REJECT).
OK, iptables and the ipt_recent module are working as intended!
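Once the LOG rule is in place, the tagged kernel lines are the record of who tripped the limit. The following added Python script (not from the original post) parses lines in the format quoted above into their KEY=VALUE fields and counts hits per source address; the sample log is constructed, with the MAC placeholders and 192.168.0.x addresses taken from the post's example line, and the function names are assumptions.

```python
"""Added example: summarise the WEB_SRV_DOS LOG lines from /var/log/messages.
Not the original post's code; the sample log below is constructed."""
import re
from collections import Counter

LOG_PREFIX = "[Possible DOS Attack]"
# Kernel LOG lines carry space-separated KEY=VALUE fields after the prefix;
# bare words such as DF and SYN are flags without a value.
FIELD_RE = re.compile(r"(\w+)=(\S*)")

# Constructed sample: two hits from one client on port 80, one from another
# on 443, plus an unrelated sshd line that must be ignored.
SAMPLE_LOG = """\
May 17 07:12:00 localhost kernel: [Possible DOS Attack]IN=eth0 OUT= MAC=XX:XX:XX:XX:43:77:00:1f:YY:YY:YY:YY SRC=192.168.0.105 DST=192.168.0.102 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=45026 DF PROTO=TCP SPT=59437 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0
May 17 07:12:01 localhost kernel: [Possible DOS Attack]IN=eth0 OUT= MAC=XX:XX:XX:XX:43:77:00:1f:YY:YY:YY:YY SRC=192.168.0.105 DST=192.168.0.102 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=45027 DF PROTO=TCP SPT=59438 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0
May 17 07:12:03 localhost kernel: [Possible DOS Attack]IN=eth0 OUT= MAC=XX:XX:XX:XX:43:77:00:1f:YY:YY:YY:YY SRC=192.168.0.77 DST=192.168.0.102 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=9001 DF PROTO=TCP SPT=40001 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0
May 17 07:12:04 localhost sshd[1234]: Accepted publickey for admin from 192.168.0.50 port 51000 ssh2
"""


def parse_log_line(line):
    """Return the fields of one tagged LOG line as a dict (flags under "FLAGS"),
    or None when the line was not written by the chain's LOG rule."""
    pos = line.find(LOG_PREFIX)
    if pos < 0:
        return None
    body = line[pos + len(LOG_PREFIX):]
    fields = dict(FIELD_RE.findall(body))
    fields["FLAGS"] = [tok for tok in body.split() if "=" not in tok]
    return fields


def hits_per_source(lines):
    """Count tagged LOG lines per SRC address."""
    counts = Counter()
    for line in lines:
        fields = parse_log_line(line)
        if fields and "SRC" in fields:
            counts[fields["SRC"]] += 1
    return counts


def sources_over(lines, threshold):
    """Sorted list of sources that were logged at least `threshold` times."""
    return sorted(src for src, n in hits_per_source(lines).items() if n >= threshold)


if __name__ == "__main__":
    for src, n in hits_per_source(SAMPLE_LOG.splitlines()).most_common():
        print(f"{n:6d} {src}")
    print("at or above 2 hits:", sources_over(SAMPLE_LOG.splitlines(), 2))
```

Run it against real input with something like `hits_per_source(open("/var/log/messages"))`; each logged line is one SYN that crossed the threshold, so the counts measure how persistently a source kept retrying after being rejected, not the total number of requests it sent.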

Conclusion:
(1) iptables blocks the attack at the network layer, so the impact on server load is small.
(2) The iptables rules only touch ports 80 and 443; other ports are unaffected.
(3) iptables can run on a separate host, leaving the server to concentrate on serving web content; attackers can then be kept from reaching the server at all.
If you run MS Windows + IIS without a firewall, you can use AQTRONIX WebKnight, a free web application firewall that also has features for blocking DDoS attacks.

Source: http://blog.eztable.com/2011/05/17/how-to-prevent-ddos/
================================================
Counting connections per IP from access.log (the second one-liner groups by the first three octets, i.e. per /24):
sed 's/ .*//' access.log | sort | uniq -c | sort -n
perl -ne 'print "$1*\n" if m#^((\d+\.){3})#' access.log | sort | uniq -c | sort -n