Web Server Hosting Forum by BODHost > Support > Linux Server Hosting
#1, 12-04-06, 10:21
BOD Member (Join Date: Jul 2006, Posts: 107)

How To stop SYN

Here's a bash script I had to stop SYN attacks on your server; you need root.

#!/bin/bash

/sbin/modprobe ip_tables
/sbin/modprobe ip_conntrack
/sbin/modprobe ip_conntrack_ftp

# remove leftover state files from earlier runs (-f: no error if none exist)
rm -f /root/.dyn*

echo "Setting kernel tcp parameters to reduce DoS effects"

# Reduce DoS'ing ability by reducing timeouts
echo 30 > /proc/sys/net/ipv4/tcp_fin_timeout
echo 1800 > /proc/sys/net/ipv4/tcp_keepalive_time
echo 1 > /proc/sys/net/ipv4/tcp_window_scaling
echo 0 > /proc/sys/net/ipv4/tcp_sack
echo 1280 > /proc/sys/net/ipv4/tcp_max_syn_backlog

# ANTISPOOFING: reverse-path filtering on every interface
for a in /proc/sys/net/ipv4/conf/*/rp_filter; do
    echo 1 > "$a"
done

# NO SOURCE ROUTE
for z in /proc/sys/net/ipv4/conf/*/accept_source_route; do
    echo 0 > "$z"
done

# SYN COOKIES and ICMP hardening
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
#echo $ICMP_ECHOREPLY_RATE > /proc/sys/net/ipv4/icmp_echoreply_rate
echo "1" > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
# do not accept ICMP redirects (0 = off; writing 1 here, as the original did, enables them)
echo "0" > /proc/sys/net/ipv4/conf/all/accept_redirects
echo "1" > /proc/sys/net/ipv4/conf/all/log_martians

# NUMBER OF CONNECTIONS TO TRACK
echo "65535" > /proc/sys/net/ipv4/ip_conntrack_max

# Set default policies
/sbin/iptables -P INPUT ACCEPT
/sbin/iptables -P OUTPUT ACCEPT
/sbin/iptables -P FORWARD DROP

# Flush all existing rules and user chains before adding ours
/sbin/iptables -F
/sbin/iptables -F INPUT
/sbin/iptables -F OUTPUT
/sbin/iptables -F FORWARD
/sbin/iptables -F -t mangle
/sbin/iptables -X

/sbin/iptables -A INPUT -i lo -j ACCEPT
/sbin/iptables -A INPUT -d 127.0.0.0/8 -j REJECT

### chain to DROP too many SYN-s ######
# RETURN (i.e. let the packet continue) while under 100 SYN/s with a burst of 150,
# otherwise log once and drop
/sbin/iptables -N syn-flood
/sbin/iptables -A syn-flood -m limit --limit 100/second --limit-burst 150 -j RETURN
/sbin/iptables -A syn-flood -j LOG --log-prefix "SYN flood: "
/sbin/iptables -A syn-flood -j DROP

# Drop INVALID state first, send every new SYN on eth0 through the syn-flood
# chain, and only then accept the rest. (The original accepted all of eth0
# before these rules, which made the INVALID drop unreachable and never sent
# any traffic into the syn-flood chain.)
/sbin/iptables -A INPUT -m state --state INVALID -j DROP
/sbin/iptables -A INPUT -i eth0 -p tcp --syn -j syn-flood
/sbin/iptables -A INPUT -i eth0 -j ACCEPT

---------------------------------------------------------
Call it syn.bash and then execute it; also replace /sbin/iptables with the path of the iptables program on your system.

===========================================

Feel free to use the following iptables commands to drop invalid SYN packets that are sometimes also used to flood the server.


/sbin/iptables -A INPUT -i eth0 -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j DROP
/sbin/iptables -A INPUT -i eth0 -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
/sbin/iptables -A INPUT -i eth0 -p tcp --tcp-flags SYN,RST SYN,RST -j DROP

===========================================

If you're using APF, you'd want to put something like this into /etc/apf/firewall

$IPT -A INPUT -i $IN_IF -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j DROP
$IPT -A INPUT -i $IN_IF -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
$IPT -A INPUT -i $IN_IF -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
$IPT -A OUTPUT -o $OUT_IF -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j DROP
$IPT -A OUTPUT -o $OUT_IF -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
$IPT -A OUTPUT -o $OUT_IF -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
============================================
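To make the two iptables mechanisms in the post above checkable without root or a firewall, here is an added example (mine, not the poster's script): it emulates the '--tcp-flags MASK COMP' match behind the three DROP rules and the '-m limit --limit 100/second --limit-burst 150' match that feeds the syn-flood chain. It assumes the standard TCP flag bit layout and that iptables' ALL keyword means FIN,SYN,RST,PSH,ACK,URG; the rate limiter is a plain token bucket kept in integer milli-tokens, which is an approximation of the kernel's credit bookkeeping rather than a copy of it, so exact counts on a real box may differ by a packet or two. The SYN arrival patterns are constructed inline.

```python
# Added example: offline emulation of '--tcp-flags' and '-m limit' semantics.
from functools import reduce

# TCP flag bits in header order (FIN is the lowest bit).
FIN, SYN, RST, PSH, ACK, URG, ECE, CWR = (1 << i for i in range(8))
FLAG_NAMES = {"FIN": FIN, "SYN": SYN, "RST": RST, "PSH": PSH,
              "ACK": ACK, "URG": URG, "ECE": ECE, "CWR": CWR}
# iptables' ALL keyword covers FIN,SYN,RST,PSH,ACK,URG (assumption: ECE/CWR excluded).
ALL = FIN | SYN | RST | PSH | ACK | URG


def parse_flags(spec):
    """Turn an iptables flag list ('SYN,FIN', 'ALL', 'NONE') into a bitmask."""
    if spec == "ALL":
        return ALL
    if spec == "NONE":
        return 0
    return reduce(lambda acc, name: acc | FLAG_NAMES[name], spec.split(","), 0)


def tcp_flags_match(pkt_flags, mask, comp):
    """'--tcp-flags mask comp': look only at the bits in mask and require that
    exactly the bits in comp are set among them."""
    return (pkt_flags & parse_flags(mask)) == parse_flags(comp)


# The three DROP rules from the post, as (mask, comp) pairs.
BOGUS_FLAG_RULES = [
    ("ALL", "ACK,RST,SYN,FIN"),   # ACK,RST,SYN,FIN all set and PSH,URG clear
    ("SYN,FIN", "SYN,FIN"),       # SYN and FIN together, whatever else is set
    ("SYN,RST", "SYN,RST"),       # SYN and RST together
]


def is_bogus(pkt_flags):
    """True if any of the three --tcp-flags DROP rules would match this packet."""
    return any(tcp_flags_match(pkt_flags, m, c) for m, c in BOGUS_FLAG_RULES)


def is_new_syn(pkt_flags):
    """iptables '--syn' shorthand: SYN set with ACK, RST and FIN clear."""
    return tcp_flags_match(pkt_flags, "SYN,RST,ACK,FIN", "SYN")


class LimitMatch:
    """Token bucket behind '-m limit --limit RATE/second --limit-burst BURST'.
    Times are integer milliseconds and tokens are milli-tokens, so the
    arithmetic stays exact (constructed approximation of the kernel match)."""

    def __init__(self, rate_per_second, burst):
        self.refill_per_ms = rate_per_second   # 100/s == 100 milli-tokens per ms
        self.capacity = burst * 1000
        self.tokens = self.capacity            # bucket starts full
        self.last_ms = None

    def match(self, now_ms):
        if self.last_ms is not None:
            self.tokens = min(self.capacity,
                              self.tokens + (now_ms - self.last_ms) * self.refill_per_ms)
        self.last_ms = now_ms
        if self.tokens >= 1000:
            self.tokens -= 1000
            return True       # limit match succeeds -> RETURN to INPUT
        return False          # match fails -> fall through to LOG and DROP


def syn_flood_chain(limiter, now_ms):
    """Verdict of the post's syn-flood chain for one SYN arriving at now_ms."""
    return "RETURN" if limiter.match(now_ms) else "DROP"


def run_syn_burst(packets_per_second, seconds, rate=100, burst=150):
    """Push evenly spaced SYNs through a fresh syn-flood chain and return the
    (returned, dropped) counts."""
    limiter = LimitMatch(rate, burst)
    interval_ms = 1000 / packets_per_second
    verdicts = [syn_flood_chain(limiter, int(i * interval_ms))
                for i in range(packets_per_second * seconds)]
    return verdicts.count("RETURN"), verdicts.count("DROP")


if __name__ == "__main__":
    samples = [("SYN", SYN), ("SYN|ACK", SYN | ACK), ("SYN|FIN", SYN | FIN),
               ("SYN|RST", SYN | RST), ("ACK|RST|SYN|FIN", ACK | RST | SYN | FIN)]
    for name, f in samples:
        print(f"{name:16s} bogus={is_bogus(f)!s:5s} new_syn={is_new_syn(f)}")
    print("1000 SYN/s for 1 s -> (returned, dropped) =", run_syn_burst(1000, 1))
    print("  50 SYN/s for 2 s -> (returned, dropped) =", run_syn_burst(50, 2))
```

Two things the emulation makes visible: the burst of 150 is spent in the first ~166 packets of a 1000 SYN/s stream, after which only about one SYN in ten gets through, so legitimate clients are throttled along with the flood; and a packet with no flags set at all matches none of the three rules, which is why `--tcp-flags ALL NONE -j DROP` is commonly added beside them.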
#2, 12-07-08, 01:09
BOD Member (Join Date: Dec 2008, Posts: 3)

Hello,

This absolutely, how do I do it?
#3, 12-08-08, 08:57
BodShane, Chief Operating Officer (Join Date: Dec 2006, Posts: 1,087)

Yes, definitely

Are you looking for additional information also ?
__________________
Redundant Dedicated Server Hosting Solutions Only at BODHost
24x7 Toll-Free ph. : +1. 866-662-0909
Email : sales@bodhost.com | MSN : sales@bodhost.com
#4, 12-08-08, 09:15
BOD Member (Join Date: Dec 2008, Posts: 3)

Hello,

pico synb
Code:
#!/bin/bash

/sbin/modprobe ip_tables
/sbin/modprobe ip_conntrack
/sbin/modprobe ip_conntrack_ftp

# remove leftover state files from earlier runs (-f: no error if none exist)
rm -f /root/.dyn*

echo "Setting kernel tcp parameters to reduce DoS effects"

# Reduce DoS'ing ability by reducing timeouts
echo 30 > /proc/sys/net/ipv4/tcp_fin_timeout
echo 1800 > /proc/sys/net/ipv4/tcp_keepalive_time
echo 1 > /proc/sys/net/ipv4/tcp_window_scaling
echo 0 > /proc/sys/net/ipv4/tcp_sack
echo 1280 > /proc/sys/net/ipv4/tcp_max_syn_backlog

# ANTISPOOFING: reverse-path filtering on every interface
for a in /proc/sys/net/ipv4/conf/*/rp_filter; do
    echo 1 > "$a"
done

# NO SOURCE ROUTE
for z in /proc/sys/net/ipv4/conf/*/accept_source_route; do
    echo 0 > "$z"
done

# SYN COOKIES and ICMP hardening
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
#echo $ICMP_ECHOREPLY_RATE > /proc/sys/net/ipv4/icmp_echoreply_rate
echo "1" > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
# do not accept ICMP redirects (0 = off; writing 1 here, as the original did, enables them)
echo "0" > /proc/sys/net/ipv4/conf/all/accept_redirects
echo "1" > /proc/sys/net/ipv4/conf/all/log_martians

# NUMBER OF CONNECTIONS TO TRACK
echo "65535" > /proc/sys/net/ipv4/ip_conntrack_max

# Set default policies
/sbin/iptables -P INPUT ACCEPT
/sbin/iptables -P OUTPUT ACCEPT
/sbin/iptables -P FORWARD DROP

# Flush all existing rules and user chains before adding ours
/sbin/iptables -F
/sbin/iptables -F INPUT
/sbin/iptables -F OUTPUT
/sbin/iptables -F FORWARD
/sbin/iptables -F -t mangle
/sbin/iptables -X

/sbin/iptables -A INPUT -i lo -j ACCEPT
/sbin/iptables -A INPUT -d 127.0.0.0/8 -j REJECT

### chain to DROP too many SYN-s ######
# RETURN (i.e. let the packet continue) while under 100 SYN/s with a burst of 150,
# otherwise log once and drop
/sbin/iptables -N syn-flood
/sbin/iptables -A syn-flood -m limit --limit 100/second --limit-burst 150 -j RETURN
/sbin/iptables -A syn-flood -j LOG --log-prefix "SYN flood: "
/sbin/iptables -A syn-flood -j DROP

# Drop INVALID state first, send every new SYN on eth0 through the syn-flood
# chain, and only then accept the rest. (The original accepted all of eth0
# before these rules, which made the INVALID drop unreachable and never sent
# any traffic into the syn-flood chain.)
/sbin/iptables -A INPUT -m state --state INVALID -j DROP
/sbin/iptables -A INPUT -i eth0 -p tcp --syn -j syn-flood
/sbin/iptables -A INPUT -i eth0 -j ACCEPT
chmod +x synb
./synb
Correct?
My English is not very good.
I'm from Turkey.
#5, 12-09-08, 16:27
BodShane, Chief Operating Officer (Join Date: Dec 2006, Posts: 1,087)

Hello,

That's quite informative and added to the thread.

Regards,
Forum Administrator
BODHost.com
#6, 12-09-08, 18:59
BOD Member (Join Date: Dec 2008, Posts: 3)

Quote: Originally Posted by Admin
    Hello,

    That's quite informative and added to the thread.

    Regards,
    Forum Administrator
    BODHost.com
I understood now.

Thank you...