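DIY Linux DoS Hack - HOWTO Limit the Maximum Number of TCP Connections to Your Web Server!
I read the following book, called Linux Server Hacks, which shows you many ways to hack your Linux server so that it does not die.
This actually works, because we had a DoS attack about 5 minutes ago. (It seems we are getting more and more DoS attacks these days. You can also refer to the DDoS Deflate script.)
I learned this hack in my bathroom last week, from #47 in the book, and I used it to stop DoS attackers from bringing down my precious quad CPU dedicated server.
Enter the following commands and you will limit the number of TCP connections to your server to 12 connections per second, after 24 connections have been seen. (This means that, no matter what, your server will not try to serve more than 12 visitors in a one-second period when it gets digged, farked, stumbled, or whatever.)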
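# Create a dedicated chain in the nat table
iptables -t nat -N syn-flood
# Up to 12 SYNs per second (burst of 24) return to the calling chain
iptables -t nat -A syn-flood -m limit --limit 12/s --limit-burst 24 -j RETURN
# Everything above the limit is dropped (newer iptables releases refuse DROP in the nat table)
iptables -t nat -A syn-flood -j DROP
# Send incoming SYNs through the chain; set $EXT_IFACE and $DEST_IP to your external interface and server IP
iptables -t nat -A PREROUTING -i $EXT_IFACE -d $DEST_IP -p tcp --syn -j syn-flood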
I think you can safely increase the values if your server can handle more. But it seems to have brought our server load down from 33.00 somethin' to under 1.0. Yey!
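To see what `--limit 12/s --limit-burst 24` admits in practice, here is an added example (not part of the original post or the book) that models the limit match as a token bucket and runs it over normal traffic, a flood, and a mix of both. The traffic rates are constructed sample values, and the model is a simplification of what the kernel does.

```python
# Added example: integer token-bucket model of
#   -m limit --limit 12/s --limit-burst 24
# Times are in milliseconds and tokens are stored in thousandths, so all
# arithmetic is exact. Traffic rates below are constructed sample values.

def limit_match(arrivals_ms, rate_per_s=12, burst=24):
    """Return one bool per arrival: True = rule matches (RETURN, SYN goes on),
    False = limit exceeded, packet falls through to the DROP rule."""
    cap = burst * 1000          # full bucket, in milli-tokens
    tokens, last = cap, 0       # the bucket starts full
    verdicts = []
    for now in arrivals_ms:
        # Refill: rate_per_s tokens/second == rate_per_s milli-tokens per ms.
        tokens = min(cap, tokens + (now - last) * rate_per_s)
        last = now
        if tokens >= 1000:
            tokens -= 1000
            verdicts.append(True)
        else:
            verdicts.append(False)
    return verdicts


def flood_only(seconds=5, syn_per_s=1000):
    """SYNs admitted during a constant flood (one SYN every 1000/syn_per_s ms)."""
    step = 1000 // syn_per_s
    return sum(limit_match(range(0, seconds * 1000, step)))


def mixed(seconds=5):
    """Flood at 1000 SYN/s plus visitors at 10 SYN/s sharing one bucket.
    Returns (visitors_admitted, visitors_total, flood_admitted)."""
    events = [(t, "flood") for t in range(0, seconds * 1000)]
    events += [(t, "visitor") for t in range(0, seconds * 1000, 100)]
    events.sort()               # time order, flood first on ties
    verdicts = limit_match([t for t, _ in events])
    ok = [src for (_, src), v in zip(events, verdicts) if v]
    return ok.count("visitor"), seconds * 10, ok.count("flood")


if __name__ == "__main__":
    print("normal 10 SYN/s for 5 s, admitted:", sum(limit_match(range(0, 5000, 100))))
    print("flood 1000 SYN/s for 5 s, admitted:", flood_only())
    print("mixed (visitors ok, visitors total, flood ok):", mixed())
```

The bucket is shared by every source address, so while a flood is running the admitted SYNs go to whoever arrives first, and ordinary visitors are dropped along with the attacker.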
If you are a hacker, sorry dude. Since we are hackers too, you will have to try a little harder to hack Zedomax.
P.S. You know what I try to do when I find out where the hackers are coming from, I do a DoS attack back on them. This usually pisses them off enough to DoS me more but I kinda enjoy the battle so bring it on! :p

Wow! What an attitude! I would love to shake hands with you. Fix the cockroaches. Guys like me depend on fellows like you to do such things. All the best. I hope that you wipe them out completely!
Yes, I can't wipe them out completely, but I can limit their strategies to bring sites down… :p
Hi, any idea why I'm getting this error message when I try your approach:
srv098:~$ iptables -t nat -A syn-flood -m limit -limit 12/s -limit-burst 24 -j RETURN
iptables v1.3.6: Unknown arg `limit'
Try `iptables -h' or 'iptables --help' for more information.
THANKS in advance !!!
Try this instead, my blog post looks like it won't let you copy two dashes:
iptables -t nat -A syn-flood -m limit --limit 12/s --limit-burst 24 -j RETURN
and you can see the instructions better on our wiki:
http://zedomax.com/wiki/index.php/Linux/Unix_HOWTOs#HOWTO_Limit_number_of_connections_to_your_server_to_fight_Denial_of_Service_attacks
THANKS for the fast reply. However, now I got:
srv098:~$ iptables -t nat -A syn-flood -m limit --limit 12/s --limit-burst 24 -j RETURN
iptables: Invalid argument
Hey there,
Try entering the first line first:
iptables -t nat -N syn-flood
You have to enter all the lines one at a time and it will work~
Let me know if you need more help.
I did the first one before the problematic one, of course. However, now I'm getting:
srv098:~$ iptables -t nat -N syn-flood
iptables: Chain already exists
No matter what I do, I'm either getting:
iptables: Invalid argument
or
iptables: Chain already exists
:(((
Oh you know what, I think it’s already working then, it means you already set it.
That would be awesome!
Is there a way to check it or undo it? (just to know)
THANKS!
I think when you reboot your server, this setting gets reset. You can put it in a file somewhere so it starts when your server reboots, I forgot how to do this…
That is some crazy stuff and could be useful. I have yet to need such information though. Knock on wood.
Please help me to increase my internet speed. I have Reliance wireless broadband.
During night time the speed is 40kbps (downloading), but during the day after 10 am it is 4 to 5kbps.
How can I increase my speed without the permission of my network administrator?
Also tell me how to hack my network PC without their permission.