[GTER] Mitigando ataques DDoS tcp com iptables

Leonardo Amaral - Listas listas at leonardoamaral.com.br
Mon Jul 4 11:34:49 -03 2016 

Eu nem quis comentar. Enfiaram filtro computacionalmente caro ali pra
filtrar DDoS.



[image: --]

Leonardo Amaral
[image: https://]about.me/leonardo.amaral
<https://about.me/leonardo.amaral?promo=email_sig&utm_source=email_sig&utm_medium=email_sig&utm_campaign=external_links>

Em 4 de julho de 2016 10:28, Christian Lyra <lyra at pop-pr.rnp.br> escreveu:

> Caros,
>
> Achei que tava indo bem... até que boom!!
>
> "iptables -t mangle -A PREROUTING -p icmp -j DROP
>
> This drops all ICMP packets. ICMP is only used to ping a host to find out
> if it's still alive. Because it's usually not needed and only represents
> another vulnerability that attackers can exploit, we block all ICMP packets
> to mitigate Ping of Death (ping flood), ICMP flood and ICMP fragmentation
> flood."
>
>
> preparar para problemas com MTU em 3, 2...
>
> 2016-07-03 20:53 GMT-03:00 Rodrigo Meireles <mikrotikfull at gmail.com>:
>
> > Excelente!
> >
> > Em 3 de julho de 2016 19:36, Wagner Loula <wld.net1 at gmail.com> escreveu:
> >
> > > Muito bom
> > > Em 3 de jul de 2016 18:28, "Wilson R Lopes" <wilsonlopes00 at gmail.com>
> > > escreveu:
> > >
> > > > Excelente artigo que mostra como configurar e otimizar o iptables
> para
> > > > mitigar vários tipos de ataques tcp - syn floods, ack floods, invalid
> > tcp
> > > > headers, open connections flood. Limitada, mas uma boa solução "home
> > > made".
> > > >
> > > >
> > > > https://javapipe.com/iptables-ddos-protection
> > > >
> > > >
> > > > Abs,
> > > > Wilson
> > > > --
> > > > gter list    https://eng.registro.br/mailman/listinfo/gter
> > > --
> > > gter list    https://eng.registro.br/mailman/listinfo/gter
> > >
> >
> >
> >
> > --
> > *Rodrigo Melo Meireles*
> >
> > *CTO - Solustic Solucoes em Tecnologia-TI*
> > Analista/Consultor de Redes
> > Analista de Segurança
> > Mikrotik Certified
> > URBSS Certified
> > 85.40629515 85.996459346
> > --
> > gter list    https://eng.registro.br/mailman/listinfo/gter
> >
>
>
>
> --
> Christian Lyra
> PoP-PR/RNP
> (41) 3361-3343
> --
> gter list    https://eng.registro.br/mailman/listinfo/gter
>

More information about the gter mailing list