How to Prevent DDoS Attacks on Linux

Posted by 대혀니_
2015. 4. 18. 18:48 IT/Linux

Blocking an attack completely really requires renting dedicated equipment, but the steps below provide at least a minimum of protection.



- Password attacks:

iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name SSHSCAN

iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 8 --rttl --name SSHSCAN -j LOG --log-prefix SSH_SCAN:

iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 8 --rttl --name SSHSCAN -j DROP

Or ..

    /etc/rc.d/init.d/iptables save
    vi /etc/sysconfig/iptables

    # Generated by iptables-save v1.4.7 on Mon Nov 24 18:13:04 2014
    *filter
    :INPUT ACCEPT [77821:18947147]
    # Rules added
    -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name SSHSCAN
    -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 8 --rttl --name SSHSCAN -j LOG --log-prefix SSH_Scan:
    -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 8 --rttl --name SSHSCAN -j DROP
    # End of added rules
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [76355:16945171]
    COMMIT
    # Completed on Mon Nov 24 18:13:04 2014

    /etc/rc.d/init.d/iptables start
    chkconfig --level 345 iptables on

Install fail2ban: http://www.fail2ban.org

- DDoS attacks:

iptables -A INPUT -p tcp --dport 80 -m recent --set --name HTTP

iptables -A INPUT -p tcp --dport 80 -m recent --update --seconds 1 --hitcount 10 --name HTTP -j DROP
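
The Python sketch below is an added example, not code from the original post. It models how the `recent` match decides with the post's SSH parameters (60 seconds, hitcount 8) and its port-80 parameters (1 second, hitcount 10), run over constructed traffic. It is a simplified model that ignores `--rttl`; the class, the function names and the sample addresses are assumptions made for illustration.

```python
from collections import defaultdict, deque

PKT_LIST_TOT = 20  # xt_recent default ip_pkt_list_tot: timestamps kept per address

class RecentList:
    """Simplified model of one named list of the iptables `recent` match."""
    def __init__(self):
        self.stamps = defaultdict(lambda: deque(maxlen=PKT_LIST_TOT))

    def set(self, src, now):
        # --set: record the arrival time; only this puts an address on the list
        self.stamps[src].append(now)

    def update(self, src, now, seconds, hitcount):
        # --update --seconds S --hitcount H: match when the address has at least
        # H timestamps in the last S seconds; a match records one more timestamp
        if src not in self.stamps:
            return False
        hits = sum(1 for t in self.stamps[src] if now - t <= seconds)
        if hits < hitcount:
            return False
        self.stamps[src].append(now)
        return True

def verdicts(packets, seconds, hitcount, with_set=True, log_rule=True):
    """Pass (time, source) packets through [--set], [--update LOG], --update DROP."""
    recent, out = RecentList(), []
    for now, src in packets:
        if with_set:
            recent.set(src, now)
        if log_rule:
            recent.update(src, now, seconds, hitcount)  # LOG does not end traversal
        dropped = recent.update(src, now, seconds, hitcount)
        out.append((now, src, "DROP" if dropped else "ACCEPT"))
    return out

# Constructed traffic (documentation addresses): one source retrying SSH every
# 5 s, then at t=100 and t=200, and one source that connects three times.
SCANNER, USER = "203.0.113.5", "198.51.100.7"
SSH = sorted([(t, SCANNER) for t in [*range(0, 60, 5), 100, 200]]
             + [(t, USER) for t in (0, 20, 40)])
# Constructed burst: 15 packets to port 80 from one source within 0.7 s.
HTTP = [(i * 0.05, SCANNER) for i in range(15)]

if __name__ == "__main__":
    for row in verdicts(SSH, seconds=60, hitcount=8):
        print(*row)
    for with_set in (True, False):
        print([v for *_, v in verdicts(HTTP, 1, 10, with_set, log_rule=False)])
```

In this model the scanner's eighth attempt inside 60 seconds is dropped, and because every matching `--update` records another timestamp, its retry at t=100 is dropped too; an `--update` rule on a list that no `--set` rule feeds never drops anything. The port-80 rule has no `-m state --state NEW`, so it counts every TCP packet to port 80, not only new connections.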