Results 1 to 6 of 6

Thread: ddos

  1. #1

    ddos

    some company tell us that they are ddos protected, but i read and hear alot of source telling us that no solution exist for that, well, not a permanent solution.

    some expert here ? sorry for my english

  2. #2
    Join Date
    Aug 2004
    Location
    Shanghai
    Posts
    1,449
    The most common protection is to limit the number of connections in some ways. Something like this can help:

    iptables -I INPUT -p tcp -i eth0 -m state --state NEW -m recent --set
    iptables -I INPUT -p tcp -i eth0 -m state --state NEW -m recent --update --seconds 1 --hitcount 50 -j DROP

    You can do the same kind of stuff for UDP and ICMP. It helps, but that doesn't prevent flooding. At least it helps your server to survive...

    Thomas
    GPLHost:>_ open source hosting worldwide (I'm founder, CEO & official Debian Developer)
    Servers & our leading control panel and our Xen VPS hosting, which are already included in Debian and Ubuntu
    Available in: Kuala Lumpur, Singapore, Sydney, Seattle, Atlanta, Paris, London, Barcelona, Zurich, Israel

  3. #3
    Join Date
    Oct 2005
    Location
    Fleet Street
    Posts
    3,243
    You can do the same kind of stuff for UDP and ICMP. It helps, but that doesn't prevent flooding. At least it helps your server to survive...
    This simply isn't true. Two iptables rules will not filter a tiny flood, much less help your server to survive.

    no solution exist for that, well, not a permanent solution.
    Great solutions do exist, but they're certainly not infallible.

  4. #4
    Join Date
    Aug 2004
    Location
    Shanghai
    Posts
    1,449
    Quote Originally Posted by nocebo
    Two iptables rules will not filter a tiny flood
    That is exactly what I wrote.

    This was just a simple example, to show the begining of what's possible to do, nothing more. Real world practice include more work, and what's the most important: administrator reaction to attacks. This is all but an easy task, and those 2 rules are just not enough, I agree, but it saved me once, and I thought it was nice to post them because they are so simple.

    Thomas
    GPLHost:>_ open source hosting worldwide (I'm founder, CEO & official Debian Developer)
    Servers & our leading control panel and our Xen VPS hosting, which are already included in Debian and Ubuntu
    Available in: Kuala Lumpur, Singapore, Sydney, Seattle, Atlanta, Paris, London, Barcelona, Zurich, Israel

  5. #5

    hey nocebo

    I will look at your website company maybe its what im searching for

  6. #6

    hey nocebo

    You should put another entry in your webpage to choose number of month we want.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •