How to Prevent DDoS Attacks on Linux
by 서진우 · Published December 24, 2014 · Updated December 24, 2014
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name SSHSCAN
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 8 --rttl --name SSHSCAN -j LOG --log-prefix SSH_SCAN:
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 8 --rttl --name SSHSCAN -j DROP
Or:
# /etc/rc.d/init.d/iptables save
# vi /etc/sysconfig/iptables
# Generated by iptables-save v1.4.7 on Mon Nov 24 18:13:04 2014
*filter
:INPUT ACCEPT [77821:18947147]
# Rules added
-A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name SSHSCAN
-A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 8 --rttl --name SSHSCAN -j LOG --log-prefix SSH_Scan:
-A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 8 --rttl --name SSHSCAN -j DROP
# End of added rules
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [76355:16945171]
COMMIT
# Completed on Mon Nov 24 18:13:04 2014
# /etc/rc.d/init.d/iptables start
# chkconfig --level 345 iptables on
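The three SSHSCAN rules above, modelled in Python as an added example (not part of the original post): it replays constructed connection times through a simplified `recent` list to show which NEW connection is the first to be dropped and how retries keep the block alive. The class and function names, the 20-timestamp buffer and the 203.0.113.7 address are assumptions, and the TTL comparison done by --rttl is not modelled.

```python
from collections import defaultdict, deque

PKT_LIST_TOT = 20  # assumption: timestamps kept per address (xt_recent ip_pkt_list_tot)


class RecentList:
    """Simplified model of one `-m recent` list such as SSHSCAN (--rttl omitted)."""

    def __init__(self):
        self.stamps = defaultdict(lambda: deque(maxlen=PKT_LIST_TOT))

    def set(self, src, now):
        # --set: always matches and records a timestamp for the source
        self.stamps[src].append(now)
        return True

    def update(self, src, now, seconds, hitcount):
        # --update --seconds S --hitcount N: match when the source has at least
        # N timestamps within the last S seconds; a match records one more.
        if src not in self.stamps:
            return False
        hits = sum(1 for t in self.stamps[src] if now - t <= seconds)
        if hits < hitcount:
            return False
        self.stamps[src].append(now)
        return True


def ssh_rules(lst, src, now):
    """Walk one NEW tcp/22 packet through the three SSHSCAN rules in order."""
    lst.set(src, now)                       # rule 1: --set
    lst.update(src, now, 60, 8)             # rule 2: -j LOG (non-terminating)
    dropped = lst.update(src, now, 60, 8)   # rule 3: -j DROP
    return "DROP" if dropped else "ACCEPT"  # ACCEPT = falls through to chain policy


def replay(attempts):
    """attempts: iterable of (seconds, source) NEW connections; returns verdicts."""
    lst = RecentList()
    return [ssh_rules(lst, src, t) for t, src in attempts]


if __name__ == "__main__":
    # Constructed traffic: one source retrying every 5 s (documentation address).
    traffic = [(t, "203.0.113.7") for t in range(0, 60, 5)]
    for (t, src), verdict in zip(traffic, replay(traffic)):
        print(f"t={t:>3}s {src} {verdict}")
```

In this model a source that retries every 10 seconds never reaches 8 hits inside the 60-second window, so the rules slow down fast scanners but do not stop a patient one.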
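Install fail2ban. http://www.fail2ban.org
- DDoS attack (the first rule records each new connection in the HTTP list so that the second rule has entries to match):
iptables -A INPUT -p tcp --dport 80 -m state --state NEW -m recent --set --name HTTP
iptables -A INPUT -p tcp --dport 80 -m recent --update --seconds 1 --hitcount 10 --name HTTP -j DROP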