Stop Synflood DoS via Torrent

Posted on 29 August 2010 by admin

Etwas was interessant sein könnte,
wenn man den ein solches DoS Problem hat.
Textfile hatte ich noch hier rumliegen,
stammt allerdings nicht von mir ->Credits to the original author.

Die Anleitung erklärt,
wie die Anzahl der neuen Verbindungen von einer IP mittels IPtables begrenzt werden kann.

Quick “fix” for synflood DoS via. torrent tracker:
-> allow only 10 new connections within 5 seconds per source ip

iptables -N syn_80_recent
iptables -A syn_80_recent -m recent –set –name DEFAULT –rsource
iptables -A syn_80_recent -m recent –update –seconds 5 –hitcount 10 –name DEFAULT –rsource -j DROP
iptables -A syn_80_recent -j ACCEPT
iptables -A INPUT -p tcp -m state –state NEW -m tcp –dport 80 -j syn_80_recent

If you still block to many valid users, try to play with the seconds/hitcount settings.

Also enable syncookies on Linux kernel (if not done already):
sysctl -w net.ipv4.tcp_syncookies=1

No guarantee/warranty, use/test at your own risk. Feel free to contact us.

HTH,
Sven Michels
- sectoor GmbH

This entry was posted in Uncategorized. Bookmark the permalink.

One Response to Stop Synflood DoS via Torrent

  1. Voku says:
    23 December 2010 at 04:18

    Danke für das Textfile … werde mir die Regeln mal anschauen :-)

    PS: schöner Blog, gute Themenauswahl -> RSS-Feed wird direkt abonniert ;-)

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong> <pre lang="" line="" escaped="" highlight="">