How to Prevent DDOS Attacks on Linux based Servers
DDOS Explained
DDoS, or Distributed Denial of Service, is a type of DoS attack in which a number of compromised systems (bots or zombies), often infected with a Trojan or other malware, are used to target a single system, causing a denial of service.
The catch is that a plain DoS attack can be prevented simply by adding a rule that allows no more than (let's say) 5 connections per host. But when the attacking hosts have many different IPs and come from many different places, such simple rules won't help.
Please note that the technique below is not an industry standard, but it is a trick you can use without needing a paid firewall or other software.
How To Prevent DDOS Attacks
In this example we will be limiting the number of SSH connections to our SSH host. The same technique can also be applied to other protocols such as HTTP, FTP, etc. Using this simple utility that ships with all Linux systems we can control the number of client systems connecting to our server. So the secret of network admins is out for everyone now!!!
We can also call this a firewall (in a way), configured using the iptables utility.
The first thing we need to do is load a module called connlimit.
Load module: xt_connlimit
modprobe xt_connlimit
Check whether the module was loaded:
lsmod | grep connlimit
In case you are configuring a firewall/webserver and want this module to load at startup:
Add the line modprobe xt_connlimit to the file /etc/init.d/rc.d/rc.local (the leading # shown above is the root shell prompt, not part of the line; do not copy it, or the line will be treated as a comment).
Command to set the maximum number of connections (per source IP) to 20:
iptables -I INPUT -p tcp --syn --dport 22 -m connlimit --connlimit-above 20 -j REJECT
-I : insert a rule at the top of the chain
-p : the protocol
--syn : the rule applies only to packets that initiate a connection (TCP SYN). It does not apply to packets carrying data on an already established connection.
--dport : 22 for SSH, 80 or 8080 for HTTP, or whatever port you require
-m connlimit --connlimit-above 20 : match once the source already has more than 20 connections to this port
-j REJECT : reject the new connection (the existing 20 are left alone)
To view iptables rules: iptables -L -n | less
To save iptables rules: service iptables save
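The following script is an added example and is not part of the original post. It builds the same connlimit rules for several of the services mentioned above (SSH, HTTP, FTP; the port/limit pairs are assumed example values) and applies them only when run as root with APPLY=1, so the rule set can be reviewed first. It also shows two options of the real connlimit/REJECT modules that the post does not use: --connlimit-mask 24 counts connections per /24 subnet instead of per single IP, which helps a little with the "many different IPs" problem, and --reject-with tcp-reset answers with a RST so legitimate clients fail fast instead of waiting on an ICMP error.

```shell
#!/bin/sh
# Added example (not from the original post): generate and optionally apply
# iptables connlimit rules. Ports and limits below are assumed sample values.
set -eu

# Print one iptables rule that rejects a new TCP connection to port $1 once a
# single source already holds more than $2 connections. $3 is the optional
# --connlimit-mask: 32 = per source IP (the module default), 24 = per /24 subnet.
connlimit_rule() {
    port=$1; limit=$2; mask=${3:-32}
    printf 'iptables -I INPUT -p tcp --syn --dport %s -m connlimit --connlimit-above %s --connlimit-mask %s -j REJECT --reject-with tcp-reset\n' \
        "$port" "$limit" "$mask"
}

# Rule set for the services named in the post (limits are example values).
rule_set() {
    connlimit_rule 22 20        # SSH: at most 20 concurrent connections per source IP
    connlimit_rule 80 50        # HTTP: 50 per source IP
    connlimit_rule 80 200 24    # HTTP: and no more than 200 from any one /24
    connlimit_rule 21 10        # FTP control channel: 10 per source IP
}

# Number of rules in the set (used as a sanity check).
rule_count() {
    rule_set | wc -l | tr -d ' '
}

# Load the module and apply the rules only when APPLY=1 and we are root;
# otherwise print what would be executed (dry run).
apply_rules() {
    if [ "${APPLY:-0}" = 1 ] && [ "$(id -u)" = 0 ]; then
        modprobe xt_connlimit
        rule_set | while read -r cmd; do
            eval "$cmd"
        done
        lsmod | grep connlimit          # confirm the module is loaded
        iptables -L INPUT -n            # show the resulting rules
    else
        echo "# dry run (run as root with APPLY=1 to apply):"
        rule_set
    fi
}

apply_rules
```

Run it once without arguments to review the rules, then as root with APPLY=1 to install them; afterwards persist them with the distribution's usual mechanism (service iptables save, as in the post, or iptables-save). Because -I inserts at the top of INPUT, each rule lands above the previous one; for these independent per-port rules the order does not matter. The rules shown are IPv4 only; an IPv6 host needs the matching ip6tables rules as well.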
That’s it guys! Why not show your gratitude by clicking one of our sponsors and help us grow!