A server run by a hosting provider may come under attack while in operation; the common forms are SYN floods, DDoS, and so on. Changing the IP address or tracking down the attacking host can avoid the attack, but the service interruption is comparatively long. Buying a hardware firewall is the more thorough solution, but hardware firewalls are quite expensive. An alternative worth considering is to use the firewall functionality built into the Linux system itself for defense.
1. Resisting SYN floods
A SYN attack exploits the three-way handshake of the TCP/IP protocol: the attacker sends a large number of connection-opening packets (SYN) without ever completing the connections, so the attacked server's queue of half-open connections eventually fills up and normal users can no longer connect.
The Linux kernel itself provides some SYN-related settings. Run the command:
sysctl -a | grep syn
and you will see:
net.ipv4.tcp_max_syn_backlog = 1024
net.ipv4.tcp_syncookies = 0
net.ipv4.tcp_synack_retries = 5
net.ipv4.tcp_syn_retries = 5
tcp_max_syn_backlog is the length of the SYN queue. tcp_syncookies is a switch that controls whether the SYN cookie feature is enabled; this feature can block part of a SYN attack. tcp_synack_retries and tcp_syn_retries define how many times SYN is retried.
Increasing the SYN queue size lets the system hold more connections waiting to complete, enabling SYN cookies blocks part of a SYN attack, and reducing the retry counts also has some effect.
The method to adjust the above settings is:
Increase the SYN queue size to 2048:
sysctl -w net.ipv4.tcp_max_syn_backlog=2048
Enable the SYN cookie feature:
sysctl -w net.ipv4.tcp_syncookies=1
Reduce the retry counts:
sysctl -w net.ipv4.tcp_synack_retries=3
sysctl -w net.ipv4.tcp_syn_retries=3
To keep the above configuration after the system restarts, add the above commands to the /etc/rc.d/rc.local file.
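The following script, added here as an example and not code from the original post, ties the steps above together: it reads the four SYN-related values in the "key = value" format printed by sysctl -a and prints the sysctl -w commands still needed to reach the values recommended above. The comparison directions (backlog at least 2048, syncookies on, retries at most 3) are the post's recommendations; the function names, the stdin-driven design and the sample values are this example's own assumptions, and the sample input is constructed from the numbers shown on the page.

```shell
#!/bin/sh
# Added example, not code from the original post: audit the four SYN-related
# sysctl values the post discusses and print the `sysctl -w` commands needed
# to reach the post's recommended values. Input is "key = value" lines in the
# format of `sysctl -a`, read from stdin, so it can be run against live output
# (sysctl -a 2>/dev/null | grep syn | audit_syn_sysctl) or a constructed sample.
set -e

# Key, comparison operator and target value taken from the post.
# The backlog only needs to be at least 2048, syncookies must be on,
# and the retry counts only need to be at most 3.
SYN_TARGETS='net.ipv4.tcp_max_syn_backlog ge 2048
net.ipv4.tcp_syncookies eq 1
net.ipv4.tcp_synack_retries le 3
net.ipv4.tcp_syn_retries le 3'

# Print one "sysctl -w key=value" line for every target the input does not
# already satisfy; keys missing from the input are reported as comments.
audit_syn_sysctl() {
    current=$(tr -d ' ')              # normalise "key = value" to "key=value"
    printf '%s\n' "$SYN_TARGETS" | while read -r key op want; do
        have=$(printf '%s\n' "$current" | sed -n "s/^$key=//p")
        if [ -z "$have" ]; then
            echo "# $key not present in input, skipping"
        elif ! [ "$have" -"$op" "$want" ]; then
            echo "sysctl -w $key=$want   # currently $have"
        fi
    done
}

# Constructed sample matching the default values shown in the post.
SYSCTL_SAMPLE='net.ipv4.tcp_max_syn_backlog = 1024
net.ipv4.tcp_syncookies = 0
net.ipv4.tcp_synack_retries = 5
net.ipv4.tcp_syn_retries = 5'

printf '%s\n' "$SYSCTL_SAMPLE" | audit_syn_sysctl
```

Run against the constructed sample it prints the same four sysctl -w commands given above. The printed commands still need to be run as root, and, as the post notes, placed in /etc/rc.d/rc.local to survive a reboot; the audit itself only reads, so it is safe to run on a production host at any time.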
2. Resisting DDoS
DDoS, distributed denial of service, refers to an attacker organizing many hosts in different locations to send a large number of connections to a common port such as 80 or 25; these clients only open connections and do not make normal requests. Because the usual Apache configuration accepts only a limited number of connections (typically 256), these fake visits fully occupy Apache and normal visits can no longer get through.
Linux provides a firewall tool called ipchains, which can block connections from a specific IP address or IP range to a specific port. To use ipchains against DDoS, first find the address the attack is coming from with the netstat command, then block it with an ipchains command. Block each source as soon as it is discovered.
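The "find the attack source with netstat" step above, written out as an added example that is not code from the original post: it reads Linux netstat -an output, counts connections per remote IPv4 address to one local port (every state except LISTEN, since the point above is that the attacking clients merely open connections), and lists the sources at or above a threshold, busiest first. The function name, the port and threshold parameters and the sample output are this example's assumptions; the sample uses documentation address ranges and is constructed, not captured traffic. The blocking step itself is left to the ipchains command the post describes.

```shell
#!/bin/sh
# Added example, not code from the original post: the "find the attack
# source with netstat" step. Reads Linux `netstat -an` output from stdin,
# counts connections per remote IPv4 address to one local port (all states
# except LISTEN, since the post's point is that the attacking clients only
# open connections), and lists the sources at or above a threshold, busiest
# first. The threshold is a judgement call for the operator, not a value
# from the post; the default of 50 is an assumption.
set -e

# Usage: netstat -an | top_sources PORT [THRESHOLD]
top_sources() {
    port=$1
    threshold=${2:-50}
    awk -v port="$port" -v thr="$threshold" '
        $1 == "tcp" && $6 != "LISTEN" {
            n = split($4, local, ":")        # local address:port
            split($5, remote, ":")           # remote address:port
            if (local[n] == port) count[remote[1]]++
        }
        END { for (ip in count) if (count[ip] >= thr) print count[ip], ip }
    ' | sort -rn
}

# Constructed sample in the layout of Linux `netstat -an`, using
# documentation address ranges; not real traffic.
NETSTAT_SAMPLE='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 203.0.113.10:80         198.51.100.7:41002      ESTABLISHED
tcp        0      0 203.0.113.10:80         198.51.100.7:41003      ESTABLISHED
tcp        0      0 203.0.113.10:80         198.51.100.7:41004      SYN_RECV
tcp        0      0 203.0.113.10:80         192.0.2.55:50011        ESTABLISHED
tcp        0      0 203.0.113.10:25         198.51.100.7:41010      ESTABLISHED'

# With the sample, port 80 and a threshold of 2, only 198.51.100.7 (three
# connections) is listed; 192.0.2.55 has one and the port 25 line is ignored.
printf '%s\n' "$NETSTAT_SAMPLE" | top_sources 80 2
```

On a live host run netstat -an | top_sources 80 and pick the threshold from what normal traffic looks like, since a busy proxy or NAT gateway can legitimately hold many connections from one address. The addresses it reports are the input to the ipchains block the post describes; ipchains belongs to the 2.2-series kernels, and on later kernels the same per-address block is expressed with iptables or nftables instead.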