I have been reading the following book called, Linux Server Hacks, which shows you many ways you can hack your Linux server so your server doesn’t die.
This actually works since we just had a DoS attack about 5 minutes ago. (It seems like we are getting more and more DoS attacks these days. You can refer to the DDOS Deflate script also)
Here’s HACK #47 I read about last week in my bath room from the book and I just used it to prevent DoS attackers from bringing my precious Quad-CPU dedicated server down.
Enter the following commands and you will limit number of TCP connections to your server to 12 connections per second after 24 connections have been seen. (It means that no matter what, your server will not try to serve more than 12 visitors during one second of period when your server gets digged, farked, stumbled, or whatever)
iptables -t nat -N syn-flood
iptables -t nat -A syn-flood -m limit —limit 12/s —limit-burst 24 -j RETURN
iptables -t nat -A syn-flood -j DROP
iptables -t nat -A PREROUTING -i $EXT_IFACE -d $DEST_IP -p tcp –syn -j syn-flood
I think you can increase the values steadily if your server can handle more. But it seems to have brought our server load from 33.00 somethin’ to under 1.0. Yey!
If you are a hacker, sorry dude. You are gonna have to try a little harder hacking Zedomax since we are hackers too.
P.S. You know what I try to do when I find out where the hackers are coming from, I do a DoS attack back on them. This usually pisses them off enough to DoS me more but I kinda enjoy the battle so bring it on! :p
12 Responses to DIY Linux DoS HACK – HOWTO Limit your the max number of TCP connections to your Web Server!
Leave a Reply
Wow! What an attitude! I would love to shake hands with you. Fix the cockroaches. Guys like me depend on fellows like you to do such things. All the best. I hope that you wipe them out completely!
yes, i can’t wipe them out completely but i can limit their strategies to bring sites down… :p
Hi, any idea why Im getting this error message when I try your approach:
srv098:~$ iptables -t nat -A syn-flood -m limit -limit 12/s -limit-burst 24 -j RETURN
iptables v1.3.6: Unknown arg `limit’
Try `iptables -h’ or ‘iptables –help’ for more information.
THANKS in advance !!!
Try this instead, my blog post looks like it won’t let you copy two dashes:
iptables -t nat -A syn-flood -m limit –limit 12/s –limit-burst 24 -j RETURN
and you can see the instructions better on our wiki:
http://zedomax.com/wiki/index.php/Linux/Unix_HOWTOs#HOWTO_Limit_number_of_connections_to_your_server_to_fight_Denial_of_Service_attacks
THANKS for the fast reply. However, now I got:
srv098:~$ iptables -t nat -A syn-flood -m limit –limit 12/s –limit-burst 24 -j RETURN
iptables: Invalid argument
Hey there,
Try entering the first line first:
iptables -t nat -N syn-flood
You have enter all the lines one at a time and it will work~
Let me know if you need more help. 🙂
I did the first one before the problematic one ofcourse. However, not Im getting:
srv098:~$ iptables -t nat -N syn-flood
iptables: Chain already exists
No matter what I do Im either getting:
iptables: Invalid argument
or
iptables: Chain already exists
:(((
Oh you know what, I think it’s already working then, it means you already set it.
That would be awesome!
Is there a way to check it or undo it? (just to know)
THANKS!
I think when you reboot your server, this setting gets resetted. You can put it in a file somewhere so it starts when your server reboots, I forgot how to do this…
That is some crazy stuf and could be useful. I have yet to need such information though. knock on wood.
plz help to increase my internet speed i have reliance wireless broadband
during night time the speed is 40kbps(downloading) but during day after 10 am it is 4to5kbps
how can i incrasemy speed without the permission of my network administrator
also tell me how to hack my network pc without there permissions