[GTER] Mitigando ataques DDoS tcp com iptables
Christian Lyra
lyra at pop-pr.rnp.br
Mon Jul 4 10:28:56 -03 2016
Caros,
Achei que tava indo bem... até que boom!!
"iptables -t mangle -A PREROUTING -p icmp -j DROP
This drops all ICMP packets. ICMP is only used to ping a host to find out
if it's still alive. Because it's usually not needed and only represents
another vulnerability that attackers can exploit, we block all ICMP packets
to mitigate Ping of Death (ping flood), ICMP flood and ICMP fragmentation
flood."
preparar para problemas com MTU em 3, 2...
2016-07-03 20:53 GMT-03:00 Rodrigo Meireles <mikrotikfull at gmail.com>:
> Excelente!
>
> Em 3 de julho de 2016 19:36, Wagner Loula <wld.net1 at gmail.com> escreveu:
>
> > Muito bom
> > Em 3 de jul de 2016 18:28, "Wilson R Lopes" <wilsonlopes00 at gmail.com>
> > escreveu:
> >
> > > Excelente artigo que mostra como configurar e otimizar o iptables para
> > > mitigar vários tipos de ataques tcp - syn floods, ack floods, invalid
> tcp
> > > headers, open connections flood. Limitada, mas uma boa solução "home
> > made".
> > >
> > >
> > > https://javapipe.com/iptables-ddos-protection
> > >
> > >
> > > Abs,
> > > Wilson
> > > --
> > > gter list https://eng.registro.br/mailman/listinfo/gter
> > --
> > gter list https://eng.registro.br/mailman/listinfo/gter
> >
>
>
>
> --
> *Rodrigo Melo Meireles*
>
> *CTO - Solustic Solucoes em Tecnologia-TI*
> Analista/Consultor de Redes
> Analista de Segurança
> Mikrotik Certified
> URBSS Certified
> 85.40629515 85.996459346
> --
> gter list https://eng.registro.br/mailman/listinfo/gter
>
--
Christian Lyra
PoP-PR/RNP
(41) 3361-3343
More information about the gter
mailing list