  1. #1
    Linux User postcd
    Join Date
    Apr 2011
    Posts
    315

    How to be immune to basic UDP/any port attack flood?


    Hello,

    On the server I have ConfigServer Firewall and iptables. I would like the server to be safe from a basic UDP flood and a flood attack against any port.
    http://img703.imageshack.us/img703/3935/35039950.png
    https://1.bp.blogspot.com/-rDgZndKmy...s1600/ddos.png

    So I want to ask if you can advise on which setting to look up or which software to use?

    For example, CSF, mentioned above, has this option:
    16. Port Flood Protection
    #########################

    This option configures iptables to offer protection from DOS attacks against
    specific ports. This option limits the number of connections per time interval
    that new connections can be made to specific ports.
    I have ports 22 and 80 protected, but I am not sure if others are vulnerable to this attack.

    Will this really protect me from these basic non-distributed flood attacks, or what do you recommend?
    "Avoid the Gates of Hell. Use Linux affordable VPS."

  2. #2
    Linux Engineer
    Join Date
    Apr 2012
    Location
    Virginia, USA
    Posts
    889
    I recommend you close all the other ports to the outside world. Port 22 ideally should be only open to specific IPs.
    Only allow RELATED,ESTABLISHED TCP/UDP connections for other ports such as 53 (DNS).

  3. #3
    Linux Guru Lazydog
    Join Date
    Jun 2004
    Location
    The Keystone State
    Posts
    2,677
    Originally posted by mizzle:
    I recommend you close all the other ports to the outside world. Port 22 ideally should be only open to specific IPs.
    This is only good advice if you know the IP addresses that someone from the outside would be connecting from. What do you do about clients that are mobile and whose IP addresses change all the time?

    Only allow RELATED,ESTABLISHED TCP/UDP connections for other ports such as 53 (DNS).
    Everything is direction related, so it would depend on the direction in which this rule was applied.

    My advice is to DROP all traffic to start. Then allow the ports that you need to allow work to be completed. Of the ports you allow, if you are worried about DOS attacks, rate limit them to X connections in Y minutes/seconds with logging. Run a bot that watches your logs, like FAIL2BAN, that blocks failed connections to keep them from attempting to log in over and over again.

    You could do the same with outgoing connections too; this stops someone who has broken in from opening other connections to other devices.

    Regards
    Robert

    Linux
    The adventure of a life time.

    Linux User #296285
    Get Counted
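
The approach from the last reply (drop everything, open only the ports you need, rate-limit them with logging), written out as an added example that is not from any poster in the thread: a shell function that prints an iptables-restore ruleset. The ports, the 20/minute rate, the `RATELIMITED` chain name and the log prefix are assumptions; OUTPUT is left open and only IPv4 is covered.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset that drops by default and
# rate-limits new connections per source IP. Ports/rates are constructed samples.

# usage: gen_rules RATE BURST PROTO/PORT...
gen_rules() {
    rate=$1 burst=$2
    shift 2
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:RATELIMITED - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
EOF
    for spec in "$@"; do
        proto=${spec%/*} port=${spec#*/}
        case $proto in tcp|udp) ;; *) echo "bad protocol: $spec" >&2; return 1 ;; esac
        case $port in ''|*[!0-9]*) echo "bad port: $spec" >&2; return 1 ;; esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "bad port: $spec" >&2; return 1
        fi
        match="-p $proto --dport $port -m conntrack --ctstate NEW"
        # New flows within the per-source budget are accepted ...
        echo "-A INPUT $match -m hashlimit --hashlimit-upto $rate --hashlimit-burst $burst --hashlimit-mode srcip --hashlimit-name rl_${proto}_${port} -j ACCEPT"
        # ... the excess is logged and dropped instead of falling through silently.
        echo "-A INPUT $match -j RATELIMITED"
    done
    cat <<'EOF'
-A RATELIMITED -m limit --limit 6/minute -j LOG --log-prefix "RATELIMITED: "
-A RATELIMITED -j DROP
COMMIT
EOF
}

# Prints the rules only; check them first by piping into: iptables-restore --test
gen_rules 20/minute 10 tcp/22 tcp/80 udp/53
```

Rules like these cap what reaches the listening services from each source address; they do not help once a flood fills the uplink itself, which has to be filtered upstream of the server.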
