g1f1/SuppressDDoS

Suppressing Distributed Denial-of-Service (DDoS) attacks at the terminal level. Don't forget to star 🌟 this repository.

Suppressing Distributed Denial-of-Service (DDoS) attacks at the terminal level typically involves configuring your firewall to block malicious traffic. Below are some specialized iptables commands that can help mitigate DDoS attacks. These commands are designed to block IP addresses that exceed certain thresholds of new connections, packet rates, and connection attempts.

1. Limit Connections Per IP:

This rule limits the number of new connections per minute from a single IP address to 10. IPs exceeding this limit will be blocked.

# --name gives this counter its own list; without it every 'recent' rule shares the list "DEFAULT"
sudo iptables -A INPUT -p tcp --dport 80 -m conntrack --ctstate NEW -m recent --name HTTP --set
sudo iptables -A INPUT -p tcp --dport 80 -m conntrack --ctstate NEW -m recent --name HTTP --update --seconds 60 --hitcount 10 -j DROP

2. Limit Packet Rate:

This rule accepts at most 25 packets per second to port 80 (with an initial burst of 100) and drops everything beyond that. Note that the `limit` match counts all sources together, not per IP, so once the bucket is exhausted, legitimate clients are dropped alongside the attacker.

sudo iptables -A INPUT -p tcp --dport 80 -m limit --limit 25/s --limit-burst 100 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 80 -j DROP

3. Syn Flood Protection:

This rule helps to mitigate SYN flood attacks by limiting the rate of incoming SYN packets to 1 per second. As with rule 2, the limit is aggregate across all sources, and with no `--limit-burst` it is very tight; tune it for your expected connection rate.

sudo iptables -A INPUT -p tcp --syn -m limit --limit 1/s -j ACCEPT
sudo iptables -A INPUT -p tcp --syn -j DROP

4. Drop Invalid Packets:

This rule drops packets that are identified as invalid.

sudo iptables -A INPUT -m conntrack --ctstate INVALID -j DROP

5. Block ICMP (Ping) Requests:

This rule drops ICMP echo-request packets (ping requests) to prevent ping flood attacks.

sudo iptables -A INPUT -p icmp --icmp-type echo-request -j DROP

6. Log and Drop:

This rule logs incoming traffic that matches certain criteria before dropping it. This is useful for monitoring and analyzing attack patterns.

sudo iptables -A INPUT -p tcp --dport 80 -m limit --limit 5/m --limit-burst 10 -j LOG --log-prefix "DDoS Attack: "
sudo iptables -A INPUT -p tcp --dport 80 -j DROP

7. Limit SSH Connections:

This rule limits the number of new SSH connections to 5 per minute from a single IP address.

# a separate named list, so SSH attempts are not counted together with the HTTP list from rule 1
sudo iptables -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --name SSH --set
sudo iptables -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --name SSH --update --seconds 60 --hitcount 5 -j DROP

Applying the Rules:

To make these rules persistent across reboots, you should save them to your firewall configuration file.

sudo apt-get install iptables-persistent
sudo iptables-save > /etc/iptables/rules.v4
# the IPv6 ruleset comes from ip6tables, not iptables
sudo ip6tables-save > /etc/iptables/rules.v6
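Appended one after another to INPUT as above, rule 2's unconditional port-80 DROP sits in front of rule 6's LOG, so the log line never fires, and the two `recent` rules share one unnamed list unless named. The script below is an added example, not part of this repository: it loads the same rules into a single dedicated chain (the chain name DDOS_GUARD is assumed) in an order where only packets about to be dropped are logged, and prints the commands instead of running them unless invoked with `--apply`.

```shell
#!/bin/sh
# Added example (not from g1f1/SuppressDDoS). Loads the README's rules into one
# dedicated chain, DDOS_GUARD (assumed name), in an order that fixes two problems
# with appending them to INPUT one by one:
#   * rule 2's unconditional "--dport 80 -j DROP" precedes rule 6's LOG, so the
#     LOG rule never fires; here LOG sits between the rate-limited ACCEPT and the
#     DROP, so only packets that are about to be dropped get logged;
#   * rules 1 and 7 use the unnamed 'recent' list ("DEFAULT"), so HTTP and SSH
#     hits are counted together; here each service gets its own list.
# Set IPT="echo iptables" to print the commands instead of running them (no root).
IPT="${IPT:-iptables}"

build_rules() {
    $IPT -N DDOS_GUARD 2>/dev/null || $IPT -F DDOS_GUARD
    # 4. INVALID conntrack state goes first so nothing below sees garbage.
    $IPT -A DDOS_GUARD -m conntrack --ctstate INVALID -j DROP
    # 5. Drop echo-request (ping flood); replies to our own pings are unaffected.
    $IPT -A DDOS_GUARD -p icmp --icmp-type echo-request -j DROP
    # 3. SYN rate limit. 'limit' counts all sources together, not per IP, and
    #    1/s with no burst also throttles legitimate clients; tune before use.
    $IPT -A DDOS_GUARD -p tcp --syn -m limit --limit 1/s -j ACCEPT
    $IPT -A DDOS_GUARD -p tcp --syn -j DROP
    # 1. and 7. Per-source new-connection caps, one named recent list per service:
    #    "port list-name hitcount" triples, split with set --.
    for svc in "80 HTTP 10" "22 SSH 5"; do
        set -- $svc
        $IPT -A DDOS_GUARD -p tcp --dport "$1" -m conntrack --ctstate NEW \
            -m recent --name "$2" --set
        $IPT -A DDOS_GUARD -p tcp --dport "$1" -m conntrack --ctstate NEW \
            -m recent --name "$2" --update --seconds 60 --hitcount "$3" -j DROP
    done
    # 2. Rate-limited accept, then 6. log what is left, then drop it.
    $IPT -A DDOS_GUARD -p tcp --dport 80 -m limit --limit 25/s --limit-burst 100 -j ACCEPT
    $IPT -A DDOS_GUARD -p tcp --dport 80 -m limit --limit 5/m --limit-burst 10 \
        -j LOG --log-prefix "DDoS Attack: "
    $IPT -A DDOS_GUARD -p tcp --dport 80 -j DROP
    # Hook the chain into INPUT once (the -C check avoids duplicate jumps).
    $IPT -C INPUT -j DDOS_GUARD 2>/dev/null || $IPT -I INPUT -j DDOS_GUARD
}

# Dry run by default; "sh script.sh --apply" (as root) installs the rules.
case "${1:-}" in
    --apply) build_rules ;;
    *) IPT="echo iptables"; build_rules ;;
esac
```

After `--apply`, persist the result with the iptables-save command shown above; the chain and its jump from INPUT are included in the saved ruleset.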

Important Considerations:

  • Monitoring: Regularly monitor your firewall logs to identify and adjust rules as necessary.
  • Legitimate Traffic: Be cautious with thresholds to avoid blocking legitimate traffic.
  • Advanced Solutions: Consider integrating more advanced DDoS mitigation solutions such as Macroweb dedicated DDoS protection services.

These commands provide a foundational layer of protection against DDoS attacks. For comprehensive security, they should be combined with other security measures and practices.
