
DDoS firewall rules

- Password attacks (SSH brute force):

iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name SSHSCAN

iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 8 --rttl --name SSHSCAN -j LOG --log-prefix "SSH_SCAN: "

iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 8 --rttl --name SSHSCAN -j DROP

The first rule records every new connection to port 22 in the SSHSCAN list, per source address. The next two log and then drop a source once it has opened 8 or more new connections within 60 seconds. --rttl only counts entries whose recorded TTL matches the current packet, so spoofed packets with a different TTL cannot be used to get someone else's address blocked. Because --update records another timestamp each time it matches, the block is refreshed while the attacker keeps trying and expires only after the attempts stop.

Or, to make the rules persistent, save the current rules and edit the saved file:

/etc/rc.d/init.d/iptables save

vi /etc/sysconfig/iptables


*filter
:INPUT ACCEPT [77821:18947147]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [76355:16945171]
# added rules
-A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name SSHSCAN
-A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 8 --rttl --name SSHSCAN -j LOG --log-prefix "SSH_SCAN: "
-A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 8 --rttl --name SSHSCAN -j DROP
# end of added rules
COMMIT
# Completed on Mon Nov 24 18:13:04 2014

/etc/rc.d/init.d/iptables start

chkconfig --level 345 iptables on

Alternatively, install fail2ban, which bans sources after repeated failed logins seen in the sshd log: http://www.fail2ban.org

- DDoS (HTTP flood) attacks:

iptables -A INPUT -p tcp --dport 80 -m state --state NEW -m recent --set --name HTTP

iptables -A INPUT -p tcp --dport 80 -m state --state NEW -m recent --update --seconds 1 --hitcount 10 --name HTTP -j DROP

The original note had only the --update rule, with no --set rule populating the HTTP list; --update never matches an address that is not already in the list, so that rule on its own drops nothing. The --set rule above (restricted to NEW connections, so that the packets of an established session are not counted) is what makes the pair work: a source that opens 10 or more new connections to port 80 within one second is dropped. Note that this is a per-source rate limit, which slows a single abusive client but cannot stop a genuinely distributed flood; that has to be absorbed upstream.
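To see what the SSH rules and the port-80 rule actually do, the following Python script (an added example, not from the original post) models the xt_recent --set/--update match the way the kernel keeps it: a per-source ring of timestamps, a match when at least --hitcount stamps fall inside the last --seconds, and one more stamp recorded on every --update match. It replays constructed traffic through the three SSH rules, and through the port-80 rule both as originally written (--update with no --set) and with a --set rule in front. The addresses, timings and the 20-stamp cap are assumptions (the cap follows the module's default ip_pkt_list_tot=20); --rttl is not modelled.

```python
"""Offline model of iptables -m recent (--set / --update --seconds --hitcount).

Added example, not code from the original post. Assumptions: timestamps are
plain seconds, --rttl is ignored, and each address keeps at most
IP_PKT_LIST_TOT stamps (the xt_recent default ip_pkt_list_tot=20).
"""
from collections import defaultdict, deque

IP_PKT_LIST_TOT = 20  # assumption: the module default; oldest stamp is overwritten beyond this


class RecentList:
    """One named xt_recent list (SSHSCAN, HTTP): source address -> ring of timestamps."""

    def __init__(self, name):
        self.name = name
        self.stamps = defaultdict(lambda: deque(maxlen=IP_PKT_LIST_TOT))

    def set(self, src, now):
        """--set: add the address, or one more stamp for it. Always matches."""
        self.stamps[src].append(now)
        return True

    def update(self, src, now, seconds, hitcount):
        """--update --seconds S --hitcount N: matches when the address is already in the
        list and at least N stamps lie inside the last S seconds. A match records one
        more stamp, which is what makes --update (unlike --rcheck) keep a busy attacker
        blocked for as long as it keeps trying."""
        if src not in self.stamps:
            return False  # never --set: cannot match, however hard the source hammers
        hits = sum(1 for t in self.stamps[src] if t >= now - seconds)
        if hits < hitcount:
            return False
        self.stamps[src].append(now)
        return True


def ssh_chain(recent, src, now, seconds=60, hitcount=8):
    """The page's three port-22 rules, evaluated top-down for one NEW connection.
    Returns (verdict, logged)."""
    recent.set(src, now)                                  # -m recent --set --name SSHSCAN
    logged = recent.update(src, now, seconds, hitcount)   # --update ... -j LOG (non-terminating)
    dropped = recent.update(src, now, seconds, hitcount)  # --update ... -j DROP
    return ("DROP" if dropped else "ACCEPT"), logged


def http_chain_as_written(recent, src, now):
    """The port-80 rule alone: --update with no --set rule anywhere."""
    return "DROP" if recent.update(src, now, 1, 10) else "ACCEPT"


def http_chain_fixed(recent, src, now):
    """Same threshold with a --set rule in front, so the HTTP list gets populated."""
    recent.set(src, now)
    return "DROP" if recent.update(src, now, 1, 10) else "ACCEPT"


def simulate_ssh():
    """Constructed traffic (documentation addresses): 203.0.113.5 opens an SSH
    connection every 2 s, twelve times, then retries 68 s later; 198.51.100.7
    makes three ordinary logins in between."""
    recent = RecentList("SSHSCAN")
    attempts = [(t, "203.0.113.5") for t in range(0, 24, 2)]
    attempts += [(1, "198.51.100.7"), (5, "198.51.100.7"), (9, "198.51.100.7")]
    attempts.append((90, "203.0.113.5"))
    attempts.sort()
    result = []
    for t, src in attempts:
        verdict, logged = ssh_chain(recent, src, t)
        result.append((t, src, verdict, logged))
    return result


def simulate_http(packets=30):
    """Constructed burst: one client opens `packets` new connections within one second.
    Returns (drops with the rule as written, drops with the --set rule added)."""
    as_written, fixed = RecentList("HTTP"), RecentList("HTTP")
    times = [i * 0.03 for i in range(packets)]  # 30 packets spread over 0.87 s
    drops_as_written = sum(http_chain_as_written(as_written, "203.0.113.9", t) == "DROP" for t in times)
    drops_fixed = sum(http_chain_fixed(fixed, "203.0.113.9", t) == "DROP" for t in times)
    return drops_as_written, drops_fixed


if __name__ == "__main__":
    for t, src, verdict, logged in simulate_ssh():
        print(f"t={t:3d}s {src:<13} {verdict:<6} {'SSH_SCAN logged' if logged else ''}")
    print("port 80 drops (as written, with --set):", simulate_http())
```

Running it shows the attacker's first seven attempts passing, attempts 8 through 12 logged and dropped, and the retry at 90 s accepted again because every stamp has aged out of the 60-second window; the legitimate user is never touched. For port 80 the rule as written drops nothing at all, while the pair with --set drops everything from the tenth connection in the second onward.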
