리눅스 DDOS 공격 예방방법

완벽한 차단은 역시 장비를 빌려야 하겠지만 최소한이라도 조치를 하는방법 이다.

- 패스워드 공격 :

iptables -A INPUT -p tcp —dport 22 -m state —state NEW -m recent —set —name SSHSCAN

iptables -A INPUT -p tcp —dport 22 -m state —state NEW -m recent —update —seconds 60 —hitcount 8 —rttl —name SSHSCAN -j LOG —log-prefix SSH_SCAN:

iptables -A INPUT -p tcp —dport 22 -m state —state NEW -m recent —update —seconds 60 —hitcount 8 —rttl —name SSHSCAN -j DROP

혹은 ..

">/etc/rc.d/init.d/iptables save

">vi /etc/sysconfig/iptables

">Generated by iptables-save v1.4.7 on Mon Nov 24 18:13:04 2014

*filter :>INPUT >ACCEPT [77821:18947147]

">룰 추가

-A >INPUT -p tcp —dport 22 -m state —state >NEW -m recent —set —name >SSHSCAN -A >INPUT -p tcp —dport 22 -m state —state >NEW -m recent —update —seconds 60 —hitcount 8 —rttl —name >SSHSCAN -j >LOG —log-prefix SSH_Scan: -A >INPUT -p tcp —dport 22 -m state —state >NEW -m recent —update —seconds 60 —hitcount 8 —rttl —name >SSHSCAN -j >DROP

">룰 추가 끝

:>FORWARD >ACCEPT [0:0] :>OUTPUT >ACCEPT [76355:16945171] >COMMIT

">Completed on Mon Nov 24 18:13:04 2014

">/etc/rc.d/init.d/iptables start

">chkconfig —level 345 iptables on

fail2ban 설치. http://www.fail2ban.org

- DDos 공격 :

iptables -A INPUT -p tcp –dport 80 -m recent –update –seconds 1 –hitcount 10 –name HTTP -j DROP