[NTLUG:Discuss] DoS attacks
Paul Ingendorf
pauldy at wantek.net
Thu Jan 23 10:10:29 CST 2003
Quoting Rick Matthews <RedHat.Linux at verizon.net>:
> Mike wrote:
>
> I can improve upon that advice... Stop responding to bogus requests
> when the server is powered up. Of course I think knowing which
> requests are bogus may be part of the problem...
>
> Rick
>
>
Go to /proc/sys/net/ipv4/.
Set your appropriate values for response rate for the various potential DoS
attacks, disable broadcast replies, then in conf/<your interface> disable
source-routed packets.
Once you have done that stuff then you should use the limit feature in iptables
to limit the rate at which clients can connect to your machine. This should
put you in the bracket where you are only susceptible to the saturation of a
DDoS vs the resource-depleting SYN attack.
This is all relatively painless and once you're done with it there is rarely a
need to revisit it.
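The two steps Paul describes (hardening the /proc/sys/net/ipv4 knobs, then rate-limiting new connections with the iptables limit match), written out as an added dry-run script. This is example code, not anything from the original post or the NTLUG list; the interface name eth0, the ports 22 and 80, the 10/minute rate with a burst of 20, and the icmp_ratelimit value are assumptions you would adjust for your own box. By default it only prints the commands and reports which current /proc values differ from the hardened ones; it applies nothing unless APPLY=1 is set and it runs as root.

```shell
#!/bin/sh
# Added example for the NTLUG "DoS attacks" thread; not from the original post.
# Assumptions: interface eth0, limited ports 22 and 80, 10 new conns/minute
# per port with a burst of 20. Dry-run unless APPLY=1 and running as root.

IFACE="${IFACE:-eth0}"
SYSCTL_BASE="/proc/sys/net/ipv4"

# Keys under /proc/sys/net/ipv4 and the hardened value for each.
# icmp_ratelimit (jiffies between replies) is an assumed value; the rest are
# the standard on/off switches the post refers to.
ipv4_hardening() {
    cat <<EOF
icmp_echo_ignore_broadcasts=1
icmp_ratelimit=100
tcp_syncookies=1
tcp_max_syn_backlog=2048
conf/all/accept_source_route=0
conf/${IFACE}/accept_source_route=0
EOF
}

# Print the hardened value for one key (empty if the key is not in the list).
hardened_value() {
    ipv4_hardening | sed -n "s|^$1=||p"
}

# The shell command that would set one key.
sysctl_command() {
    printf 'echo %s > %s/%s\n' "$2" "$SYSCTL_BASE" "$1"
}

# iptables limit-match rules for one port: accept new (SYN) connections up to
# the rate, drop the rest. Usage: iptables_limit_rules PORT RATE BURST
iptables_limit_rules() {
    printf 'iptables -A INPUT -p tcp --dport %s --syn -m limit --limit %s --limit-burst %s -j ACCEPT\n' "$1" "$2" "$3"
    printf 'iptables -A INPUT -p tcp --dport %s --syn -j DROP\n' "$1"
}

# Compare the live /proc values against the hardened ones; prints each
# mismatch to stderr and echoes the mismatch count. Unreadable keys
# (non-Linux host, interface absent) are skipped rather than counted.
check_current() {
    mismatches=0
    for pair in $(ipv4_hardening); do
        key=${pair%%=*}
        want=${pair#*=}
        f="$SYSCTL_BASE/$key"
        if [ -r "$f" ]; then
            have=$(cat "$f")
            if [ "$have" != "$want" ]; then
                printf '%s is %s, want %s\n' "$key" "$have" "$want" >&2
                mismatches=$((mismatches + 1))
            fi
        fi
    done
    echo "$mismatches"
}

# Emit every command the hardening would run.
dry_run() {
    ipv4_hardening | while IFS='=' read -r key value; do
        sysctl_command "$key" "$value"
    done
    for port in 22 80; do
        iptables_limit_rules "$port" 10/minute 20
    done
}

if [ "${APPLY:-0}" = "1" ] && [ "$(id -u)" = "0" ]; then
    dry_run | sh
else
    echo "# dry run; set APPLY=1 and run as root to apply"
    dry_run
    echo "# keys differing from hardened values: $(check_current)"
fi
```

The limit match throttles the SYN rate per port rather than per source address, which is all the limit module gives you; it keeps the backlog from being exhausted but, as the post says, does nothing against raw link saturation. tcp_syncookies is the kernel-side answer to the same SYN exhaustion and is worth setting alongside the rate limit.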