Denial of Service Attack (DoS)

Protecting your Linux box
Post Reply
5851820
Lance Naik
Posts: 24
Joined: Mon Jan 26, 2004 9:37 am
Location: Lahore-Pakistan
Contact:
Contact 5851820

Denial of Service Attack (DoS)

Post by 5851820 »

Hello Every Body,
I have one problem i wana block Denial of Service Attack (DoS) on Fedora Core 4 any body wana help me

I shall be very greatful to him/her.

Thanx..................
Top
phoenix
Havaldaar
Posts: 105
Joined: Wed Jan 18, 2006 4:02 pm
Location: Islamabad
Contact:
Contact phoenix

Post by phoenix »

turn off your pc and unplug the main cable and go to bed.
__/__/__/__/__/__/__/__/__/__/__/__/
Pakistan - Kashmir
__/__/__/__/__/__/__/__/__/__/__/__/
Top
blackdaemon
Naik
Posts: 53
Joined: Wed Jan 04, 2006 3:51 pm
Location: Quetta, Pakistan
Contact:
Contact blackdaemon

Post by blackdaemon »

salam:

Get your firewall up & set it to high security. if still getting dosd get an ids up, on running services supply rules to check connection to those services and deny access to any attempting dos attack, or even better click here:

http://www.cert.org/tech_tips/denial_of_service.html
I think, therefore i am!
Top
LinuxFreaK
Site Admin
Posts: 5132
Joined: Fri May 02, 2003 10:24 am
Location: Karachi
Contact:
Contact LinuxFreaK

Re:

Post by LinuxFreaK »

Dear 5851820,
Salam,

Edit your /etc/sysconfig/iptables and add following code !!

Code: Select all

-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 1311 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited

## DNS Server ##
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 53 -j ACCEPT --syn
-A RH-Firewall-1-INPUT -p udp -m udp --dport 53 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp -s 0/0 -d 0/0 --sport 53 -j ACCEPT
## End DNS ##

#Block malicious system
-A RH-Firewall-1-INPUT -p tcp -m tcp -s [b]IP[/b] -j DROP
-A OUTPUT -d 70.86.76.34 -j DROP
#-A RH-FireWall-1-INPUT -p tcp -m tcp -d [b]IP[/b]/32 -j DROP

COMMIT
Change the IP to the IP from whick you are getting attacks !!

Best Regards.
Farrukh Ahmed
Top
Post Reply

Return to “Security”