[root@xiaomu ~]# netstat -an | grep SYN | awk '{print $5}' | awk -F: '{print $1}' | sort | uniq -c | sort -nr | more
36 109.70.69.59
1 222.178.37.42
1 218.108.85.59
1 190.81.197.97
1 190.116.88.11
1 120.32.222.123
[root@xiaomu ~]# vim /etc/rc.d/rc.local
添加 然后保存
ulimit -HSn 65535
/usr/local/apache2/bin/apachectl start
#####
sysctl -w net.ipv4.tcp_max_syn_backlog=2048
sysctl -w net.ipv4.tcp_syncookies=1
sysctl -w net.ipv4.tcp_synack_retries=3
sysctl -w net.ipv4.tcp_syn_retries=3
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Syn 洪水攻击
#iptables -A INPUT -p tcp --syn -m limit --limit 1/s -j ACCEPT
--limit 1/s 限制syn并发数每秒1次
防端口扫描
# iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j ACCEPT
死亡之ping
# iptables -A FORWARD -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT
#>iptables-save >/etc/sysconfig/iptables
进行查看,#iptables -L
ACCEPT tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 1/sec burst 5
ACCEPT tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/RST limit: avg 1/sec burst 5
ACCEPT icmp -- anywhere anywhere icmp echo-request limit: avg 1/sec burst 5
阅读(1625) | 评论(0) | 转发(0) |