[Techtalk] Distributed Denial of Service - Defenses?
Melissa Meyer
melissa at ginormus.com
Wed Apr 19 08:30:21 EST 2006
On Tue, Apr 18, 2006 at 03:12:04PM -0700, RobertWichert wrote:
> Does anybody know of a reliable defense against Distributed Denial of
> Service Attacks? The place that I host my servers is routinely hit by
> DDoS attacks that take my servers out of service for hours at a time.
> The fellow that I know there says that there is "nothing that I can do
> about it". That can't be true, can it?
>
> I have heard that Cisco routers have some sort of built-in defense, but
> this server set is running Linux and is Pentium based. Is it true that
> Cisco servers have this solved? Is there some sort of Linux firewall
> that will work? Is there some sort of traffic-limiting software that
> will allow known clients to get priority? I'm just guessing really.
> I'm looking for something that we can buy or configure, compatible with
> Linux.
>
> Any ideas out there?
>
Do you have iptables set up on your servers? You can set unused ports
to drop all packets or just set the input rule to default drop and set
up a limit filter for ports in use. So if you have a mail server:
iptables -A INPUT -p tcp --syn --dport 25 -m limit --limit 5/s -j ACCEPT
which basically limits the number of connections to 5 per second (or
something similar).
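As an added example (not part of the original post or the poster's own ruleset), here is a complete INPUT chain built around the idea above: default deny, accept established traffic first, and count only TCP SYNs against the limit so an in-progress SMTP session is never throttled by its own data packets. Port 25, the 5/s rate, the burst of 10 and the log prefix are assumptions chosen for illustration; it uses the `conntrack` match rather than the older `state` match, and it prints the commands unless APPLY=1 is set, so it can be read and tested without root.

```shell
#!/bin/sh
# Added example, not from the original post: a host-level iptables ruleset
# that rate-limits NEW connections to one service instead of every packet.
# Runs in dry-run mode (prints the commands) unless APPLY=1 is set.

IPT="echo iptables"
if [ "${APPLY:-0}" = "1" ]; then
    IPT="iptables"
fi

# build_ruleset PORT RATE BURST
# Emits the rules in an order that is safe to apply over a remote session:
# accept rules go in first and the DROP policy is set last.
build_ruleset() {
    port="${1:-25}"      # service port to protect (assumption: SMTP)
    rate="${2:-5/s}"     # average new-connection rate, -m limit syntax
    burst="${3:-10}"     # token-bucket size: how many SYNs may arrive at once

    $IPT -F INPUT
    $IPT -A INPUT -i lo -j ACCEPT
    # Packets conntrack cannot classify are dropped outright.
    $IPT -A INPUT -m conntrack --ctstate INVALID -j DROP
    # Established sessions are accepted before any limit is consulted, so the
    # limit below never sees the ACKs and data of a mail transfer in progress.
    $IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Only TCP SYNs that open a NEW connection draw from the bucket.
    $IPT -A INPUT -p tcp --syn --dport "$port" -m conntrack --ctstate NEW \
        -m limit --limit "$rate" --limit-burst "$burst" -j ACCEPT
    # SYNs over the limit fall through to the DROP policy; log a sample of
    # them (itself rate-limited) so the operator can see the flood.
    $IPT -A INPUT -p tcp --syn --dport "$port" -m limit --limit 1/min \
        -j LOG --log-prefix "synlimit: "
    $IPT -P INPUT DROP
}

build_ruleset "${1:-25}" "${2:-5/s}" "${3:-10}"
```

Run it once to review the output, then `APPLY=1 ./synlimit.sh 25 5/s 10` as root to install it. Two caveats a practitioner should keep in mind: `-m limit` is a single global bucket for the rule, so one attacker can exhaust it and lock out legitimate clients as well (per-source limiting needs `hashlimit`), and none of this helps once the flood saturates the upstream link, which has to be filtered by the hosting provider or their carrier.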