
Category: Linux_commend

CSF PORTFLOOD, csf
To mitigate DDoS attacks, you can set:

Limit HTTP to 20 connections allowed per second

PORTFLOOD = "80;tcp;20;1"

To keep the mail server from being attacked, you can set 22;tcp;5;300 (at most five connections allowed within 300 seconds)

So HTTP+SMTP together are set as

PORTFLOOD = "80;tcp;20;1,22;tcp;5;300"


SYNFLOOD
SYNFLOOD is disabled by default. If you are not receiving any sort of attack, there is no need to enable it. If you are expecting an attack, enable it and set the rules a bit strict, like
SYNFLOOD = "1"  #enable
SYNFLOOD_RATE = "60/s"  #connection requests per second
SYNFLOOD_BURST = "30"  #block after 30 consecutive bursts of abnormally many connection requests
#If an individual IP exceeds 60 connection requests per second 30 times in a row, that IP is blocked (i.e. an IP that keeps sending a large number of connection requests to the server gets blocked).

i.e. if 60 connections are received from an IP per second for 30 times, block it. Make sure you don't keep it too strict if you are not receiving an attack, or it will generate false positives and block legitimate connections.

PORTFLOOD

PORTFLOOD = "80;tcp;100;5,22;tcp;5;300"

i.e. if an IP makes 100 connections to port 80 (tcp) within 5 seconds it will be blocked from the server, and likewise if it makes 5 connections to port 22 within 300 seconds.
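The following is an added example (not csf's own code, which implements these rules with iptables) that parses a PORTFLOOD value into its four fields (port;proto;connections;interval) and replays a constructed connection log against it, so you can see which IP each rule would trip. It assumes, as csf.conf documents, that an IP is blocked once it exceeds the allowed connection count within the interval.

```python
"""Parse CSF PORTFLOOD entries and replay constructed connection events against them."""
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class PortFloodRule:
    port: int
    proto: str
    max_conns: int   # connections allowed within the interval
    interval: int    # window length in seconds


def parse_portflood(value):
    """Parse a value such as '80;tcp;20;1,22;tcp;5;300' (quotes optional)."""
    rules = []
    for entry in value.strip().strip('"').split(","):
        fields = entry.strip().split(";")
        if len(fields) != 4:
            raise ValueError(f"PORTFLOOD entry needs port;proto;count;interval: {entry!r}")
        port, proto, count, interval = fields
        if proto not in ("tcp", "udp"):
            raise ValueError(f"unsupported protocol {proto!r} in {entry!r}")
        rules.append(PortFloodRule(int(port), proto, int(count), int(interval)))
    return rules


def flooding_ips(rules, events):
    """events: (timestamp_seconds, src_ip, dst_port, proto). Returns {ip: rule that tripped}."""
    by_rule = {(r.port, r.proto): r for r in rules}
    windows = defaultdict(deque)   # (ip, port, proto) -> timestamps inside the window
    blocked = {}
    for ts, ip, port, proto in sorted(events):
        rule = by_rule.get((port, proto))
        if rule is None or ip in blocked:
            continue
        q = windows[(ip, port, proto)]
        q.append(ts)
        while q and ts - q[0] > rule.interval:   # drop connections older than the window
            q.popleft()
        if len(q) > rule.max_conns:              # more than allowed inside the window -> block
            blocked[ip] = rule
    return blocked


def demo():
    """Constructed sample: 6 SSH connections in 50 s (trips 22;tcp;5;300),
    20 HTTP connections in under 1 s (exactly the allowed 20, not blocked)."""
    rules = parse_portflood('"80;tcp;20;1,22;tcp;5;300"')
    ssh = [(t * 10, "203.0.113.5", 22, "tcp") for t in range(6)]
    web = [(100 + i * 0.04, "198.51.100.7", 80, "tcp") for i in range(20)]
    return flooding_ips(rules, ssh + web)
```

Appending one more HTTP connection from 198.51.100.7 inside the same second makes it the 21st in the window and that IP is blocked too.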

# Send an email alert if an IP address is blocked by one of the triggers
csf email alerts
Do not send mail:
LF_EMAIL_ALERT = "0"
Send mail:
LF_EMAIL_ALERT = "1"

Searching the config for EMAIL_ALERT reveals more mail-notification settings (EMAIL_ALERT=); set each one manually to 1 or 0 (notify or not).

# Leave this option empty to use the To: field setting in each alert template
csf alert recipient
LF_ALERT_TO = "abc@domain.com"


######
CSF DoS/DDoS firewall settings
There is currently no way to prevent a DoS/DDoS attack against any server connected to the Internet; once one is under way, all you can do is minimize its impact.
If MySQL reports "too many connections" errors even though you know there are not many users, it may be a DoS/DDoS attack.
The CSF firewall provides good protective mechanisms.

Limit incoming traffic
CT_LIMIT
Lowering this number is the way to avoid being flooded with traffic, but normally you should never set it below 100.
So the recommended value is 120.
Set CT_EMAIL_ALERT to 0, however, to avoid email alerts.

Rate-limit specific ports
CT_PORTS
It is generally recommended to set only 80 and 443, the two HTTP ports.
CT_PORTS="80,443"

Set SYNFLOOD to "1"
    SYNFLOOD_RATE is the number of SYN packets to accept per IP, per second. For the purposes of this tutorial, we’ll be using a value of “75/s” on the assumption that a DoS attack is in progress.
    SYNFLOOD_BURST is the number of times the IP can hit the rate limit before being blocked in the firewall. A setting of 25 works for our purposes.








