On 06/11/13 06:09, Andreas Krey wrote:
> On Tue, 05 Nov 2013 14:09:40 +0000, Thomas Hand wrote: ...
>> Also, use iptables! If it is a dedicated VPS then drop anything you don't recognize,
> What for? The ports that you want to block are rejected by the kernel anyway, as there is no one listening. (The minor added protection that malware needs to be root to disable iptables and effectively listen - is that worth the work?)
Dropping bad requests will reduce your bandwidth usage through not having to send TCP RST responses, and will also increase the workload of the attacker as they'll have to wait for a timeout on each connection.
I wouldn't recommend dropping everything, though, as it makes troubleshooting very difficult - just drop connections to ports which get attacked.
-Kevin
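
The selective approach from the reply above, as an added example that is not part of the original thread: a shell function that writes an iptables-restore ruleset dropping only the listed TCP ports, so every other closed port still gets the kernel's RST and stays easy to troubleshoot. The function name `gen_drop_rules` and the ports 23 and 3389 are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): build an iptables-restore ruleset
# that silently drops TCP traffic to a few attacked ports only.

gen_drop_rules() {
    # Validate every argument first, so a typo never yields a partial ruleset.
    for port in "$@"; do
        case "$port" in
            # Reject empty, non-numeric, leading-zero and over-long values.
            ''|*[!0-9]*|0*|??????*)
                echo "invalid port: $port" >&2
                return 1 ;;
        esac
        if [ "$port" -gt 65535 ]; then
            echo "port out of range: $port" >&2
            return 1
        fi
    done

    echo '*filter'
    # Policies stay ACCEPT: ports with no listener are still answered with
    # a TCP RST by the kernel, which keeps connection problems diagnosable.
    echo ':INPUT ACCEPT [0:0]'
    echo ':FORWARD ACCEPT [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    for port in "$@"; do
        # DROP sends nothing back, so no RST bandwidth is spent and the
        # remote side has to wait for its own connect timeout.
        echo "-A INPUT -p tcp -m tcp --dport $port -j DROP"
    done
    echo 'COMMIT'
}

# Constructed port list. Review the output before loading it:
# iptables-restore replaces the whole filter table unless --noflush is given,
# and "iptables-restore --test" (as root) parses the rules without applying them.
gen_drop_rules 23 3389
```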