On 30.03.2021 19:46, Toralf Förster wrote:
On 2/22/21 3:27 PM, Toralf Förster wrote:
# DDoS
$IPT -A INPUT -p tcp -m state --state NEW -m recent --name synflood --set $IPT -A INPUT -p tcp -m state --state NEW -m recent --name synflood --update --seconds 60 --hitcount 10 -j DROP
just for the record:
In the emanwhile I do think that this idea was BS.
The reason is that if an advisory spoofs the sender address then this eventually blocks the (spoofed) sender address thereby.
DDoS SYN flood attack are unfortunately very different and hard to defend against.
I recently found something: SYNPROXY https://www.redhat.com/en/blog/mitigate-tcp-syn-flood-attacks-red-hat-enterp...
https://hakin9.org/syn-flood-attacks-how-to-protect-article/ at the bottom: # iptables -t mangle -I PREROUTING -p tcp -m tcp --dport 80 -m state --state NEW -m tcpmss ! --mss 536:65535 -j DROP
Does anyone know the community services of Team Cymru? Is that really free? That might be something for people with their own ASN like nifty. https://team-cymru.com/community-services/utrs/