[Techtalk] Distributed Denial of Service - Defenses?

Melissa Meyer melissa at ginormus.com
Wed Apr 19 08:30:21 EST 2006

On Tue, Apr 18, 2006 at 03:12:04PM -0700, RobertWichert wrote:
> Does anybody know of a reliable defense against Distributed Denial of
> Service Attacks?  The place that I host my servers is routinely hit by
> DDoS attacks that take my servers out of service for hours at a time. 
> The fellow that I know there says that there is "nothing that I can do
> about it".  That can't be true, can it?
> I have heard that Cisco routers have some sort of built-in defense, but
> this server set is running Linux and is Pentium based.  Is it true that
> Cisco servers have this solved?  Is there some sort of Linux firewall
> that will work?  Is there some sort of traffic-limiting software that
> will allow known clients to get priority?  I'm just guessing really. 
> I'm looking for something that we can buy or configure, compatible with
> Linux.
> Any ideas out there?

Do you have iptables set up on your servers?  You can set unused ports
to drop all packets or just set the input rule to default drop and set 
up a limit filter for ports in use.  So if you have a mail server:

iptables -A INPUT -p tcp --dport 25 -m limit --limit 5/s -j ACCEPT

which basically limits the number of connections to 5 per second (or
something similar).
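As an added example, not part of Melissa's post, here is a small POSIX shell function that turns her suggestion (default DROP on INPUT plus a limit rule for each port in use) into a complete iptables-restore ruleset; the port list, rate and burst values are assumptions to be adjusted per host.

```shell
#!/bin/sh
# Added example (not from the original post): emit an iptables-restore
# ruleset that implements the advice above: INPUT policy DROP, and a
# rate limit on *new* connections to the ports that are actually served.
#
# Usage (as root):  gen_rules "25 80" 5 10 > /etc/iptables.rules
#                   iptables-restore < /etc/iptables.rules
gen_rules() {
    ports="$1"          # space-separated TCP ports to serve (assumed)
    rate="${2:-5}"      # average new connections per second per port
    burst="${3:-10}"    # initial burst allowed before the limit applies
    echo '*filter'
    echo ':INPUT DROP [0:0]'          # default drop, as the post suggests
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'   # never filter loopback
    # Packets of already-accepted connections bypass the limiter; only the
    # SYN that opens a connection is rate limited, otherwise the data
    # packets of legitimate sessions would be throttled as well.
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    for p in $ports; do
        echo "-A INPUT -p tcp --dport $p --syn -m limit --limit ${rate}/s --limit-burst $burst -j ACCEPT"
        # Excess SYNs hit an explicit DROP so their count shows up in
        # iptables -nvL (the policy would discard them anyway).
        echo "-A INPUT -p tcp --dport $p --syn -j DROP"
    done
    echo 'COMMIT'
}
```

Note that `-m limit` keeps one shared token bucket for all matching packets, so during a flood legitimate clients compete with the attacker for the same budget; a per-source limit with `-m hashlimit` is the usual refinement.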
