Date: Mon, 14 Apr 2008 19:39:48 +0800
From: patricko <patricko (at mark) staff.singnet.com.sg>
Subject: [coba-e:12560] swarm attacks - layer 2, packets limiting
To: coba-e (at mark) bluequartz.org
Message-Id: <20080414193948.615deb1b@patricko>
In-Reply-To: <918C728F-1867-4A3B-8D71-BF65A86B3A70 (at mark) kommunity.net>
References: <1200665372.3555.39.camel (at mark) silverbird> <cfc6b7240801181003m364e58cer8b08d476f2540e4a (at mark) mail.gmail.com> <918C728F-1867-4A3B-8D71-BF65A86B3A70 (at mark) kommunity.net>
X-Mail-Count: 12560
Hi Blues,

/sbin/iptables -N packet-limit
/sbin/iptables -A packet-limit -m limit --limit 100/second --limit-burst 150 -j RETURN
/sbin/iptables -A packet-limit -j LOG --log-prefix "packet flood: "
/sbin/iptables -A packet-limit -j DROP

Layer 2 packet limiting on burst per sec.
Set a reasonable number after trial and error in your environment.
Damage from any external DDoS will be limited.

Cheers
patrick
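
To help pick values for --limit and --limit-burst before testing on a live box, the following added example (not part of the original post) models the limit match as a single token bucket and counts how many packets would hit RETURN versus LOG/DROP. The model is a simplification, and the stream names and packet rates are constructed for illustration.

```python
# Added illustration: a simplified integer model of iptables "-m limit".
# One token bucket is shared by every packet that reaches the rule.
US = 1_000_000  # microseconds per second; tokens are tracked in millionths

class LimitMatch:
    def __init__(self, rate=100, burst=150):  # --limit 100/second --limit-burst 150
        self.rate, self.cap = rate, burst * US
        self.tokens, self.last = self.cap, 0  # the bucket starts full

    def matches(self, now_us):
        """True: rule matches (-j RETURN). False: packet falls through to LOG and DROP."""
        refill = (now_us - self.last) * self.rate
        self.tokens = min(self.cap, self.tokens + refill)
        self.last = now_us
        if self.tokens >= US:
            self.tokens -= US
            return True
        return False

def simulate(streams, seconds, rate=100, burst=150):
    """streams: {name: packets_per_second}. Returns {name: (returned, dropped)}."""
    # Constructed traffic: each stream sends evenly spaced packets from t=0.
    events = sorted((i * US // pps, name)
                    for name, pps in streams.items()
                    for i in range(pps * seconds))
    bucket = LimitMatch(rate, burst)
    result = {name: [0, 0] for name in streams}
    for t, name in events:
        result[name][0 if bucket.matches(t) else 1] += 1
    return {name: tuple(counts) for name, counts in result.items()}

if __name__ == "__main__":
    print(simulate({"normal": 80}, 10))               # below the limit
    print(simulate({"flood": 1000}, 2))               # ten times the limit
    print(simulate({"flood": 1000, "legit": 50}, 2))  # shared bucket
```

In the mixed case the legitimate stream loses most of its packets once the burst allowance is spent, because the rule keeps one bucket for all sources; the iptables hashlimit match keeps a separate bucket per source address.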