
How to defend against SYN DDoS and Ping attacks using iptables

王林
Release: 2024-01-03 11:24:27

Configure the firewall to mitigate SYN floods and ping floods

 [root@m176com ~]# vim /etc/sysconfig/iptables
 Add the following lines to the rules file:
 #anti syn,ddos
 -A FORWARD -p tcp --syn -m limit --limit 1/s --limit-burst 5 -j ACCEPT
 -A FORWARD -p tcp --syn -j DROP
 -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j ACCEPT
 -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST RST -j DROP
 -A FORWARD -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT
 -A FORWARD -p icmp --icmp-type echo-request -j DROP

Description: The first pair of rules lets an initial burst of 5 new connections (SYN packets) through and then 1 per second. The second pair rate-limits bare RST packets, which scans of closed ports generate in volume; it slows a scanner down but does not block the scan itself (nmap's default SYN scan sends ordinary SYN packets). The third pair rate-limits ICMP echo requests, that is, ping floods. Ping of Death is a different attack (a single oversized ICMP packet) that modern kernels already reject; these rules do not address it. Three things to check before copying these rules: the -m limit bucket is global, not per source, so one flooding host can exhaust it for every legitimate client; the rules sit in the FORWARD chain, which only sees traffic routed through this machine, so a host that is itself the target needs the same rules in INPUT; and the DROP rule after each rate-limited ACCEPT is what actually discards the excess, because a limit rule on its own simply stops matching and lets the remaining packets fall through to later rules and the chain policy. Adjust the rates to your traffic, or leave the ping rules out if you do not need them.

Restart the firewall

 [root@m176com ~]# /etc/init.d/iptables restart

This is the SysV init script used by RHEL/CentOS 6 and earlier. On systemd-based releases the equivalent service comes from the iptables-services package and is restarted with systemctl; either way the file is loaded through iptables-restore, so a syntax error in any added line makes the whole reload fail.

Block an IP

 # iptables -I INPUT -s 192.168.0.1 -j DROP

-I inserts the rule at the top of the INPUT chain, so it takes effect before any ACCEPT rule that would otherwise let the address through.

How do I stop others from pinging this host?

# iptables -A INPUT -p icmp -j DROP

Note that this drops all ICMP, including the destination-unreachable and fragmentation-needed messages that path MTU discovery depends on, so connections through links with a smaller MTU can stall. Matching only --icmp-type echo-request, as the flood rule above does, stops pings without that side effect.

Rate-limit SYN packets (SYN flood)

# iptables -A FORWARD -p tcp --syn -m limit --limit 1/s -j ACCEPT

Without --limit-burst the bucket defaults to a burst of 5. Follow it with a matching DROP rule, or set the chain policy to DROP, otherwise SYNs over the limit are not discarded.

Rate-limit the RST packets generated by port scans

# iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j ACCEPT

This matches packets with RST set and SYN, ACK and FIN clear; it limits the replies a scan provokes rather than the scan itself.

Rate-limit ICMP echo requests (ping flood; not Ping of Death)

# iptables -A FORWARD -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT
Drop illegal TCP flag combinations used by scanners

None of the following combinations occurs in legitimate TCP traffic; nmap and similar scanners send them to probe and fingerprint hosts, so they can be dropped outright. nmap's default SYN scan (-sS) uses ordinary SYN packets and is not caught by any of these rules.

Xmas scan (nmap -sX: FIN, URG and PSH set)
 # iptables -A INPUT -i eth0 -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP

Xmas Tree (all flags set)
 # iptables -A INPUT -i eth0 -p tcp --tcp-flags ALL ALL -j DROP

Another Xmas Tree (all flags except PSH)
 # iptables -A INPUT -i eth0 -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP

Null scan (nmap -sN: no flags set)
 # iptables -A INPUT -i eth0 -p tcp --tcp-flags ALL NONE -j DROP

SYN and RST both set
 # iptables -A INPUT -i eth0 -p tcp --tcp-flags SYN,RST SYN,RST -j DROP

SYN and FIN both set (SYN/FIN scan)
 # iptables -A INPUT -i eth0 -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP

Rate-limit fragmented packets arriving at this host

 #iptables -A INPUT -f -m limit --limit 100/s --limit-burst 100 -j ACCEPT

Rate-limit fragmented packets being forwarded

 #iptables -A FORWARD -f -m limit --limit 100/s --limit-burst 100 -j ACCEPT

The -f match selects the second and later fragments of a fragmented IP packet, not "internal packets" or connection setup; these two rules cap fragment floods at 100 per second with a burst of 100. As with every limit rule on this page, the excess is only discarded if a DROP rule for the same match follows, or if the chain policy is DROP.
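The following script is an added example, not code from the original article. It assembles the article's limit rules, scanner flag rules and fragment rule into one ruleset in the format /etc/sysconfig/iptables uses, for a host that is itself the target (INPUT chain rather than FORWARD), with the two corrections a practitioner needs: every rate-limited rule is followed by a DROP so the excess is really discarded, and the SYN and ping limits are per source address via the hashlimit match (the --hashlimit-upto spelling; older iptables releases call it --hashlimit) instead of one global bucket that a single attacker can drain for everyone. The service ports, the rates, and the chain names SYNLIMIT and PINGLIMIT are assumptions for the example, not values from the article.

```shell
#!/bin/sh
# Added example, not from the original article. Generates an iptables-save
# style ruleset (the format of /etc/sysconfig/iptables) that applies the
# article's defences to the INPUT chain, with a DROP after every limit rule
# and per-source buckets for SYN and ping.
# Assumed (not from the article): ports 22 and 80, the rates below, and the
# user-defined chains SYNLIMIT and PINGLIMIT.

SYN_RATE="${SYN_RATE:-25/s}"         # new connections per source per second
SYN_BURST="${SYN_BURST:-50}"
PING_RATE="${PING_RATE:-2/s}"        # echo-requests per source per second
PING_BURST="${PING_BURST:-5}"
SERVICE_PORTS="${SERVICE_PORTS:-22,80}"

# Print the ruleset. iptables-restore treats lines starting with '#' as comments.
gen_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:SYNLIMIT - [0:0]
:PINGLIMIT - [0:0]
# loopback and packets of existing connections never reach the limits
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
# scanner flag combinations (Xmas, Null, SYN/FIN, SYN/RST); no valid TCP sets these
-A INPUT -p tcp --tcp-flags ALL NONE -j DROP
-A INPUT -p tcp --tcp-flags ALL ALL -j DROP
-A INPUT -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP
-A INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP
-A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
-A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
# non-first fragments: one global bucket, then drop the rest (fragment floods)
-A INPUT -f -m limit --limit 100/s --limit-burst 100 -j ACCEPT
-A INPUT -f -j DROP
# every new TCP connection passes through the per-source SYN bucket first
-A INPUT -p tcp --syn -j SYNLIMIT
-A SYNLIMIT -m hashlimit --hashlimit-name syn --hashlimit-mode srcip --hashlimit-upto ${SYN_RATE} --hashlimit-burst ${SYN_BURST} -j RETURN
-A SYNLIMIT -j DROP
# ping keeps working but is rate-limited per source; ICMP errors for our own
# connections are already accepted by the RELATED rule above
-A INPUT -p icmp --icmp-type echo-request -j PINGLIMIT
-A PINGLIMIT -m hashlimit --hashlimit-name ping --hashlimit-mode srcip --hashlimit-upto ${PING_RATE} --hashlimit-burst ${PING_BURST} -j ACCEPT
-A PINGLIMIT -j DROP
# SYNs that survived the bucket are accepted only for the services we run
-A INPUT -p tcp --syn -m multiport --dports ${SERVICE_PORTS} -j ACCEPT
COMMIT
EOF
}

# Sanity check: every -m limit / -m hashlimit rule must be followed by a DROP
# in the same chain, which is exactly what the article's original rules lack.
check_rules() {
    gen_rules | awk '
        /-m (limit|hashlimit) / { chain = $2; want = 1; next }
        want == 1 {
            if ($2 != chain || $NF != "DROP") bad++
            want = 0
        }
        END { exit bad ? 1 : 0 }'
}

# Apply: enable SYN cookies first (kernel-side defence that drops nothing),
# then load the ruleset atomically. Needs root; only runs when asked for "apply".
apply_rules() {
    sysctl -w net.ipv4.tcp_syncookies=1 >/dev/null
    gen_rules | iptables-restore
}

case "${1:-print}" in
    print) gen_rules ;;
    check) check_rules && echo "ok: every limit rule is followed by a DROP" ;;
    apply) check_rules && apply_rules ;;
esac
```

Run it without arguments to print the ruleset (redirect that into /etc/sysconfig/iptables if you want the file the article edits by hand), with check to verify the DROP-after-limit invariant, and with apply as root to load it. The SYN bucket is a RETURN rather than an ACCEPT on purpose: an ACCEPT in the limit rule would admit every under-limit SYN regardless of port, which is what the article's FORWARD rule does; here the port filter still runs after the bucket.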

source:linuxprobe.com