How to prevent DDOS attacks – please, use this script.

If it’s a slowloris, which would use up all the connections and then keep the connections for a prolonged period of time, rather than a synflood on port 80, you could try the following to reduce the impact in the firewall:

/sbin/iptables -I INPUT -p tcp -m state --state NEW --dport 80 -m recent --update --seconds 15 --hitcount 10 -j DROP

A couple of other handy commands to see the pattern for the traffic on the machine:

tcpdump -nn 'tcp[13] == 2' and port 80 -c 100 -i any
tcpdump -Annvvs 1500 'tcp[13] == 2' and port 80 -c 100 -i any

Leave a Reply

Your email address will not be published. Required fields are marked *