Configure CSF on CentOS 5 and 6 to prevent small-scale DDoS and CC attacks
-
Last Update: 2020-04-03
-
Source: Internet
-
Author: User
Search more information of high quality chemicals, good prices and reliable suppliers, visit
www.echemi.com
Fully configured CSF can block the ports that do not want to be opened In addition, the firewall also provides some other functions, which is very useful to ensure the security of the server This article focuses on how to configure CSF in CentOS 5 and 6 to deal with DDoS and CC attacks 1、 Open CSF firewall CSF firewall can be opened by editing the main file / etc / CSF / csf.conf setting: testing = 0 2 Port flood protection this setting can provide protection against port flood attacks (such as DOS denial of service attacks) You can set the number of connections allowed for each port in a certain period It is recommended to turn this feature on because it can prevent attackers from forcing the server to shut down Attention should be paid to the set limit range Excessive limit will miss the access of normal customers Similarly, too wide a limit can allow flood attacks to succeed Portload is a comma separated list: portload = "22; TCP; 5; 300,80; TCP; 20; 5" means: Third, connlimit connection protection this function can be used to limit the number of concurrent active connections from one IP address for each port When properly configured, it can protect the server from DOS and other attacks Connlimit is a comma separated list: connlimit = "22; 5,80; 20" means: IV synload, synload? Rate and synload? Burst synload = "0" SYNFLOOD_RATE = “100/s” SYNFLOOD_BURST = “150”
This article is an English version of an article which is originally in the Chinese language on echemi.com and is provided for information purposes only.
This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of
the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed
description of the concern or complaint, to
service@echemi.com. A staff member will contact you within 5 working days. Once verified, infringing content
will be removed immediately.