Sunday, April 17, 2005

Help against DDoS attacks

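# IPv4 stack hardening, written straight into /proc/sys. Needs root, and the
# values are lost at reboot: to make them stick, add the same keys under
# net.ipv4.* to /etc/sysctl.conf (or a sysctl.d fragment) as well.

#######################################
# Write one value to a /proc/sys knob.
# Arguments: $1 - full path of the knob, $2 - value to write
# Outputs:   a skip message on stderr if the knob is missing or not writable
# Returns:   0 on success, 1 if the knob was skipped
#######################################
write_knob() {
  local knob=$1 value=$2
  if [[ ! -w "$knob" ]]; then
    printf 'skip: %s is missing or not writable (are you root?)\n' "$knob" >&2
    return 1
  fi
  printf '%s\n' "$value" > "$knob"
}

# SYN cookies let the host keep accepting connections once the SYN backlog is
# full; the larger backlog delays the point at which cookies are needed.
write_knob /proc/sys/net/ipv4/tcp_syncookies 1
write_knob /proc/sys/net/ipv4/tcp_max_syn_backlog 4096
# Stop logging bogus ICMP error responses (noise from broken routers), and do
# not answer broadcast pings so this host cannot serve as a smurf amplifier.
write_knob /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses 1
write_knob /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts 1
# Widen the ephemeral port range (two numbers, written as one line).
write_knob /proc/sys/net/ipv4/ip_local_port_range '1024 65535'
# Disabling selective ACK is a throughput trade-off, not a hardening step;
# keep it only if you have a specific reason to.
write_knob /proc/sys/net/ipv4/tcp_sack 0

# A non-default TTL changes only one of the many signals an OS fingerprinting
# scan looks at (64 is the usual Linux default). Treat it as mild obscurity,
# and note it also gives outgoing packets three fewer hops to reach their target.
write_knob /proc/sys/net/ipv4/ip_default_ttl 61

# Per-interface settings. /proc/sys/net/ipv4/conf/ holds one directory per
# interface plus 'all' and 'default', so the glob covers present devices and
# the template for future ones; no `ls` parsing, and every path is quoted.
for conf_dir in /proc/sys/net/ipv4/conf/*/; do
  [[ -d "$conf_dir" ]] || continue   # an unmatched glob stays literal
  # Reverse-path filtering: on newer kernels 2 is "loose" and 1 is "strict";
  # older kernels treat any non-zero value as simply on.
  write_knob "${conf_dir}rp_filter" 2
  # Ignore ICMP redirects and never emit them (a host is not a router).
  write_knob "${conf_dir}accept_redirects" 0
  write_knob "${conf_dir}send_redirects" 0
  # secure_redirects only matters while accept_redirects is on; kept as set.
  write_knob "${conf_dir}secure_redirects" 1
  # Source-routed packets let the sender dictate the path; refuse them.
  write_knob "${conf_dir}accept_source_route" 0
  # Log packets with impossible source addresses (useful for detection; watch
  # log volume on busy hosts).
  write_knob "${conf_dir}log_martians" 1
done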

More ideas:

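# Shorter TCP timers so half-closed and idle connections give up their kernel
# state sooner. Same caveats as the block above: needs root, and /proc/sys
# values do not survive a reboot (use sysctl.conf for persistence).

#######################################
# Write one value to a /proc/sys knob.
# Arguments: $1 - full path of the knob, $2 - value to write
# Outputs:   a skip message on stderr if the knob is missing or not writable
# Returns:   0 on success, 1 if the knob was skipped
#######################################
write_knob() {
  local knob=$1 value=$2
  if [[ ! -w "$knob" ]]; then
    printf 'skip: %s is missing or not writable (are you root?)\n' "$knob" >&2
    return 1
  fi
  printf '%s\n' "$value" > "$knob"
}

# FIN-WAIT-2 hold time in seconds (kernel default 60) and idle time before the
# first keepalive probe (kernel default 7200, i.e. two hours).
write_knob /proc/sys/net/ipv4/tcp_fin_timeout 30
write_knob /proc/sys/net/ipv4/tcp_keepalive_time 1800
# Window scaling is not a timeout and 1 is already the kernel default; listed
# here as the author had it.
write_knob /proc/sys/net/ipv4/tcp_window_scaling 1
# Repeats the tcp_sack setting from the first block (same throughput trade-off).
write_knob /proc/sys/net/ipv4/tcp_sack 0
# NOTE: this conflicts with the 4096 written in the first block; a smaller
# backlog means SYN cookies kick in sooner under a flood. Pick one value and
# use it in both places.
write_knob /proc/sys/net/ipv4/tcp_max_syn_backlog 1280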
