linuxpakistan.net

[5851820]

Hello Every Body,
I have one problem i wana block Denial of Service Attack (DoS) on Fedora Core 4 any body wana help me

I shall be very greatful to him/her.

Thanx..................

[phoenix]

turn off your pc and unplug the main cable and go to bed.

[blackdaemon]

salam:

Get your firewall up & set it to high security. if still getting dosd get an ids up, on running services supply rules to check connection to those services and deny access to any attempting dos attack, or even better click here:

http://www.cert.org/tech_tips/denial_of_service.html

[LinuxFreaK]

Dear 5851820,
Salam,

Edit your /etc/sysconfig/iptables and add following code !!

Code: Select all

-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 1311 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited

## DNS Server ##
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 53 -j ACCEPT --syn
-A RH-Firewall-1-INPUT -p udp -m udp --dport 53 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp -s 0/0 -d 0/0 --sport 53 -j ACCEPT
## End DNS ##

#Block malicious system
-A RH-Firewall-1-INPUT -p tcp -m tcp -s [b]IP[/b] -j DROP
-A OUTPUT -d 70.86.76.34 -j DROP
#-A RH-FireWall-1-INPUT -p tcp -m tcp -d [b]IP[/b]/32 -j DROP

COMMIT

Change the IP to the IP from whick you are getting attacks !!

Best Regards.