
Linux Limit number of connections [DoS prevention]

Debian 5.0 minimal 64-bit.

/etc/init.d/iptables
Code:
iptables: Chain already exists.
Bad argument `syn'
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `limit'
Try `iptables -h' or 'iptables --help' for more information.

Freshly restarted dedicated. Followed your "Debian Hack" too.
Red
 
There are some kernel module packages, I don't remember the name.

apt-cache search
 
@stian
Not sure if limit is limiting per IP. Hashlimit does.
 
This is a flood limiter (where you get nuked with a million packets/sec, often with random sources), not a connection limiter. If you try to protect against things like slowloris, it's better done at the software level.
 
That's why I suggested hashlimit, which can be used as a flood limiter per IP (good for DoS).
 
Yes, and highly ineffective. A SYN flood can have a fake IP. So can all UDP traffic.
 
lol, can't access my website at all after using your iptables ;l
 
root@199:/# apt-get install iptables
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
iptables
0 upgraded, 1 newly installed, 0 to remove and 4 not upgraded.
Need to get 460kB of archives.
After this operation, 1819kB of additional disk space will be used.
Err Index of /ubuntu lucid/main iptables 1.4.4-2ubuntu2
Temporary failure resolving 'archive.ubuntu.com'
Failed to fetch http://archive.ubuntu.com/ubuntu/pool/main/i/iptables/iptables_1.4.4-2ubuntu2_amd64.deb Temporary failure resolving 'archive.ubuntu.com'
E: Unable to fetch some archives, maybe run apt-get update or try with --fix-missing?
 
When I put the rules in they work fine, but after a few minutes the rules expire from the system...
Before I reboot the system.

Help me D;
 
EDIT: now I fixed it... in the post there are missing symbols, that's the reason why it didn't work for me. I used this:
iptables -N conn-flood
iptables -I INPUT 1 -p tcp --syn -j conn-flood
iptables -A conn-flood -m limit --limit 7/s --limit-burst 20 -j RETURN
iptables -A conn-flood -j DROP
iptables -A INPUT -p icmp -m limit --limit 1/s --limit-burst 1 -j ACCEPT
iptables -A INPUT -p icmp -j DROP
 
I'm not sure what I'm doing but I found something like this


Code:
### BEGIN INIT INFO
# Provides:          spindown
# Required-Start:    $syslog
# Required-Stop:     $syslog
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: hardisk spindown daemon
# Description:
#
### END INIT INFO


I added this here:

Code:
#!/bin/bash
### BEGIN INIT INFO
# Provides:          spindown
# Required-Start:    $syslog
# Required-Stop:     $syslog
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: hardisk spindown daemon
# Description:
#
### END INIT INFO


#Starting Modules
modprobe ipt_recent

#Firewall
iptables -N conn-flood
iptables -I INPUT 1 -p tcp --syn -j conn-flood
iptables -A conn-flood -m limit --limit 7/s --limit-burst 20 -j RETURN
iptables -A conn-flood -j DROP
iptables -A INPUT -p icmp -m limit --limit 1/s --limit-burst 1 -j ACCEPT
iptables -A INPUT -p icmp -j DROP


and get this message:

Code:
using dependency based boot sequencing

Is that good?

I have Debian 6.
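The thread ends up with three separate problems: the "Chain already exists" error when the rules are loaded a second time, the question of whether `limit` (global) or `hashlimit` (per source IP) is the right match, and how to make the rules survive a reboot with an init script whose LSB header actually describes the script (the copied header above still says `Provides: spindown`). The following init script is an added example written for this thread, not code posted by anyone in it. It assumes the chain name `ddos-guard` and all numeric limits are illustrative, and that `IPTABLES` can be overridden (for instance `IPTABLES=echo`) to print the rules instead of loading them. It uses `hashlimit` per source address as suggested above, but keeps the global `limit` match behind it, because a spoofed-source SYN flood gets a fresh per-IP bucket for every packet and only the global budget catches it. `--hashlimit-above` and `connlimit` need an iptables build that knows them (Debian 6's 1.4.8 does; very old 1.4.x releases may not).

```sh
#!/bin/sh
### BEGIN INIT INFO
# Provides:          firewall
# Required-Start:    $network $syslog
# Required-Stop:     $network $syslog
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: SYN-flood and per-IP connection limiting with iptables
### END INIT INFO
#
# Added example for this thread, not code posted by anyone in it.
# Assumptions: the chain name "ddos-guard" and all numeric limits are
# illustrative; IPTABLES may be overridden (IPTABLES=echo) to print the
# rules instead of loading them. Debian autoloads xt_limit, xt_hashlimit
# and xt_connlimit on first use, so no modprobe is needed.

IPTABLES="${IPTABLES:-iptables}"
CHAIN="ddos-guard"

SYN_RATE="${SYN_RATE:-50/s}"        # global SYN budget for the whole host
SYN_BURST="${SYN_BURST:-100}"
PER_IP_RATE="${PER_IP_RATE:-10/s}"  # SYN budget per source address
PER_IP_BURST="${PER_IP_BURST:-20}"
MAX_CONN="${MAX_CONN:-30}"          # concurrent connections per source address

fw_start() {
    # Create the chain, or just flush it if it is already there, so the script
    # can be re-run without "iptables: Chain already exists."
    $IPTABLES -N "$CHAIN" 2>/dev/null || $IPTABLES -F "$CHAIN"

    # Hook the chain at the top of INPUT exactly once (remove a stale jump first).
    $IPTABLES -D INPUT -j "$CHAIN" 2>/dev/null || true
    $IPTABLES -I INPUT 1 -j "$CHAIN"

    # 1. Too many open connections from one address (slowloris-style): drop new SYNs.
    $IPTABLES -A "$CHAIN" -p tcp --syn -m connlimit \
        --connlimit-above "$MAX_CONN" -j DROP

    # 2. Per-source SYN rate (hashlimit keyed on source IP). Catches one abusive
    #    client; useless against spoofed sources, which is what rule 3 is for.
    $IPTABLES -A "$CHAIN" -p tcp --syn -m hashlimit \
        --hashlimit-name synflood --hashlimit-mode srcip \
        --hashlimit-above "$PER_IP_RATE" --hashlimit-burst "$PER_IP_BURST" -j DROP

    # 3. Global SYN rate (the "limit" match used in the thread): SYNs within
    #    budget RETURN to INPUT for normal processing, the rest are dropped.
    $IPTABLES -A "$CHAIN" -p tcp --syn -m limit \
        --limit "$SYN_RATE" --limit-burst "$SYN_BURST" -j RETURN
    $IPTABLES -A "$CHAIN" -p tcp --syn -j DROP

    # 4. Rate-limit ping only. Dropping all ICMP (as in the thread) also kills
    #    path-MTU discovery and other error messages the host needs.
    $IPTABLES -A "$CHAIN" -p icmp --icmp-type echo-request -m limit \
        --limit 1/s --limit-burst 4 -j RETURN
    $IPTABLES -A "$CHAIN" -p icmp --icmp-type echo-request -j DROP
    # Everything else falls off the end of the chain and returns to INPUT.
}

fw_stop() {
    $IPTABLES -D INPUT -j "$CHAIN" 2>/dev/null || true
    $IPTABLES -F "$CHAIN" 2>/dev/null || true
    $IPTABLES -X "$CHAIN" 2>/dev/null || true
}

case "${1:-}" in
    start)   fw_start ;;
    stop)    fw_stop ;;
    restart) fw_stop; fw_start ;;
    "")      ;;  # no argument: only define the functions (e.g. when sourced)
    *)       echo "Usage: $0 {start|stop|restart}" >&2; exit 1 ;;
esac
```

Save it as /etc/init.d/firewall, `chmod +x` it and register it with `update-rc.d firewall defaults`; the "using dependency based boot sequencing" line is insserv reading the LSB header, not an error. `IPTABLES=echo sh /etc/init.d/firewall start` prints the rules it would load, which is a quick way to review them before running as root. Rules loaded this way do not expire on their own; if they disappear after a few minutes, something else (another firewall script, a hosting panel, a cron job) is flushing the tables, and `iptables -L -n -v` right after loading versus a few minutes later will show it.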
 