sphinx
09-23-2018, 03:10   Re: Help stopping DoS attack Ubuntu 16.04

Quote:
Originally Posted by lugui View Post
sudo iptables -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m connlimit --connlimit-above 15 --connlimit-mask 32 --connlimit-saddr -j DROP
sudo iptables -A INPUT -p udp -m connlimit --connlimit-above 15 --connlimit-mask 32 --connlimit-saddr -j DROP

Run this. It will drop any IP that makes more than 15 connections (you can lower it if you want).

This works only if the flood comes from the same IP address (which is a very rare case), but not for a DDoS flood, which can be mitigated only upstream.

Last edited by sphinx; 09-24-2018 at 02:46.
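Added example (not part of the original posts): a shell function that reads `ss -tn`-style lines and reports how many connections a per-source limit of 15 could affect, run against a single-source flood and a distributed one. The sample lines, the addresses (documentation ranges) and the function names are constructed for illustration.

```shell
#!/bin/sh
# Same threshold as --connlimit-above 15 in the quoted rules.
LIMIT=15

# connlimit_coverage: reads ss-style lines on stdin (peer address:port in the
# last column) and prints four numbers:
#   <distinct sources> <total connections> <sources over LIMIT> <connections beyond LIMIT>
# The last number approximates what a per-source connlimit rule could refuse.
connlimit_coverage() {
  awk -v limit="$LIMIT" '
    # Only lines whose last field ends in :<port>; this skips the ss header
    # ("Address:Port") and unconnected UDP sockets ("*:*").
    $NF ~ /:[0-9]+$/ {
      peer = $NF
      sub(/:[0-9]+$/, "", peer)   # strip the port, keep the address
      count[peer]++
      total++
    }
    END {
      for (ip in count) {
        sources++
        if (count[ip] > limit) { over++; beyond += count[ip] - limit }
      }
      printf "%d %d %d %d\n", sources, total, over, beyond
    }'
}

# Constructed sample: one host holding 40 connections.
sample_single_source() {
  echo "State Recv-Q Send-Q Local Address:Port Peer Address:Port"
  for port in $(seq 40001 40040); do
    echo "ESTAB 0 0 192.0.2.10:27015 198.51.100.7:$port"
  done
}

# Constructed sample: 200 hosts holding 3 connections each.
sample_distributed() {
  echo "State Recv-Q Send-Q Local Address:Port Peer Address:Port"
  for host in $(seq 1 200); do
    for port in 50001 50002 50003; do
      echo "ESTAB 0 0 192.0.2.10:27015 203.0.113.$host:$port"
    done
  done
}

echo "single source: $(sample_single_source | connlimit_coverage)"
echo "distributed:   $(sample_distributed | connlimit_coverage)"
```

On a live host the same function can be fed with `ss -tn | connlimit_coverage`; a large total with zero sources over the limit is the distributed case, where the per-IP rule matches nothing.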