Stop Synflood DoS via Torrent

Something that might be of interest
if you are facing such a DoS problem.
I still had this text file lying around;
it is not mine, though -> credits to the original author.

The guide explains
how the number of new connections from a single IP can be limited using iptables.

Quick “fix” for synflood DoS via torrent tracker:
-> allow only 10 new connections within 5 seconds per source ip

# dedicated chain for NEW connections to port 80
iptables -N syn_80_recent
# record the source address (and this packet's timestamp) in the "DEFAULT" recent list
iptables -A syn_80_recent -m recent --set --name DEFAULT --rsource
# drop when the source has reached 10 hits within the last 5 seconds
iptables -A syn_80_recent -m recent --update --seconds 5 --hitcount 10 --name DEFAULT --rsource -j DROP
iptables -A syn_80_recent -j ACCEPT
# send every new TCP connection to port 80 through the chain
iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j syn_80_recent

If you still block too many valid users, try to play with the seconds/hitcount settings.

Also enable syncookies in the Linux kernel (if not done already):
sysctl -w net.ipv4.tcp_syncookies=1

No guarantee/warranty, use/test at your own risk. Feel free to contact us.

HTH,
Sven Michels
sectoor GmbH
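To tune the seconds/hitcount values before deploying, here is an added Python simulation (not part of the quoted text file) that replays a constructed SYN log against the xt_recent semantics of the rule in the chain order shown above (--set first, then --update); the sample addresses, the RecentTable class and the event list are assumptions.

```python
"""Replay a SYN log against the iptables 'recent' rule from the post.

Models the chain order used above: `--set` records the packet's timestamp
first, then `--update --seconds S --hitcount N` drops when the source has
N or more stamps inside the window (the just-recorded one included), and
a matching --update records a second stamp. Uses the xt_recent default
ring size ip_pkt_list_tot=20 per source address.
"""
from collections import defaultdict, deque

PKT_LIST_TOT = 20  # xt_recent default number of stamps kept per address


class RecentTable:
    """In-memory stand-in for the kernel's recent list (hypothetical helper)."""

    def __init__(self, seconds: float, hitcount: int):
        self.seconds = seconds
        self.hitcount = hitcount
        self.stamps = defaultdict(lambda: deque(maxlen=PKT_LIST_TOT))

    def new_connection(self, src: str, now: float) -> str:
        """Return 'ACCEPT' or 'DROP' for one NEW SYN from src at time now."""
        st = self.stamps[src]
        st.append(now)                                   # --set
        hits = sum(1 for t in st if now - t <= self.seconds)
        if hits >= self.hitcount:                        # --update matched
            st.append(now)                               # --update records too
            return "DROP"
        return "ACCEPT"


def replay(events, seconds=5, hitcount=10):
    """events: iterable of (timestamp, src_ip). Returns {src: (accepted, dropped)}."""
    table = RecentTable(seconds, hitcount)
    stats = defaultdict(lambda: [0, 0])
    for ts, src in sorted(events):
        verdict = table.new_connection(src, ts)
        stats[src][0 if verdict == "ACCEPT" else 1] += 1
    return {src: tuple(v) for src, v in stats.items()}


# Constructed sample: one flooding source and one busy but legitimate NAT gateway.
SAMPLE = [(i * 0.05, "203.0.113.7") for i in range(200)]   # 200 SYN in 10 s
SAMPLE += [(i * 0.7, "198.51.100.9") for i in range(12)]    # 12 SYN in ~8 s

if __name__ == "__main__":
    for secs, hc in ((5, 10), (10, 10), (2, 10)):
        print(f"--seconds {secs} --hitcount {hc}:", replay(SAMPLE, secs, hc))
```

Replaying a real SYN log (timestamps and source addresses) instead of SAMPLE shows directly how many legitimate sources a given seconds/hitcount pair would cut off.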
