How to receive a million packets per second

Last week during a casual conversation I overheard a colleague saying: « The Linux network stack is slow! You can’t expect it to do more than 50 thousand packets per second per core! » That got me thinking. While I agree that 50kpps per core is probably the limit for any practical application, what is the Linux […]

Code Snippet: iptables settings to prevent UDP abuse (flood protection)

Some basic iptables settings can prevent UDP flood from happening.
The Attacker
Here's an example of the kinds of apps that were being used. This simple PHP app floods random UDP ports with very large packets continuously. This can degrade or cause failure for an entire subnet.
ignore_user_abort(TRUE); set_time_limit(0); if(!isset($_GET['h'])) […]

iptables recent module usage by example

icmp check: 2 packets per 10 seconds – rcheck
iptables -F
iptables -A INPUT -p icmp --icmp-type echo-request -m recent --rcheck --seconds 10 --hitcount 2 --name ICMPCHECK -j DROP
iptables -A INPUT -p icmp --icmp-type echo-request -m recent --set --name ICMPCHECK -j ACCEPT
icmp check: 2 packets per 10 […]

Using Iptables to Block Brute Force Attacks

Source: MDLog:/sysadmin We can use the iptables recent module to write some iptables rules that can block brute force attacks. In order to use this method you need a kernel and iptables installation that includes ipt_recent. If your Linux distribution doesn't include the ipt_recent module or you are using a custom compiled kernel you might need to […]

Protect DDOS attacks

Using ModEvasive against DDoS attacks
The first thing to do is to install ModEvasive. All details are provided in http://hardenubuntu.com/hardening/apache/modsecurity/.
Configuring UFW
The following instructions can be added to the UFW rules. Edit /etc/ufw/before.rules:
sudo vi /etc/ufw/before.rules
Add these lines after *filter near the beginning of the file:
:ufw-http - [0:0] […]

Blocking FTP Hacking Attempts

1. Sensible first steps
Disable FTP
Firstly, do you really need to be running an FTP server? If not, turn it off and block the relevant ports. For example, using iptables:
/sbin/iptables -A INPUT -p tcp --match multiport --dports ftp,ftp-data -j DROP
In any case you almost certainly want to disable anonymous FTP connections. For […]

IPTables, continued: initialization script

Source: notarobot.fr In the previous article we saw how IPTables works and how its commands are constructed. Next, I will offer you a script that initializes IPTables with your own rules when the machine starts. It is not the best way to do it, it is just the one I use. One could […]
