linux command to prevent dos attack by using netstat and iptables
19,644
Well you can not prevent ddos, and 200 requests is rather trivial.
Best you can do , IMO, is to set limits
sudo iptables -A INPUT -m limit --limit 50/minute --limit-burst 200 -j ACCEPT
sudo iptables -A INPUT -j REJECT
For port 80, use
sudo iptables -A INPUT -p tcp --dport 80 -m state --state NEW -m limit --limit 50/minute --limit-burst 200 -j ACCEPT
sudo iptables -A INPUT -m state --state RELATED,ESTABLISHED -m limit --limit 50/second --limit-burst 50 -j ACCEPT
sudo iptables -A INPUT -j REJECT
You should be able to adjust those limits to your server.
See: http://blog.bodhizazen.com/linux/prevent-dos-with-iptables/
Related videos on Youtube
Author by
Morteza Soltanabadiyan
Updated on September 18, 2022Comments
-
Morteza Soltanabadiyan over 1 year
I want to DROP more than 200 requests per ip to prevent ddos attack. this is command that i used to detect requests count per ip :
netstat -alpn | grep :80 | awk '{print $5}' |awk -F: '{print $(NF-1)}' |sort | uniq -c | sort -nr
now i want add all ip addresses that made more than 200 requests into IPtables to DROP input and out put.
-
Admin about 10 yearsYou realize that the point of a ddos is that the requests come from so many different addresses that you can't block them, rather than loads from a few addresses, and that any but the most simple attacks will still send the incoming traffic to saturate your downlink, whether you reply or not?
-
Admin about 7 yearsI think your command lists open parallel connections to port 80 per IP address. That's not the same as request count per IP (over some time), but admittedly still a useful metric once your server has started to slow down and requests keep queuing up.
-
-
ThisIsNotAnId about 5 yearsAre we supposed to use both set of commands? Sorry if it's a basic question, I'm completely new and have no idea what I'm doing.