7

Is there a rule for iptables to limit the amount of SYN packets a /24 range of IPs can send?

view full story
linux-howto

http://askubuntu.com – How can I block entire C class IP blocks when they send too many SYN packets to my ubuntu 12.04 server? Example of what I see during a SYN flood attack: Each different IP only sends 1 SYN packet, so the firewall doesn't block it. But the range 192.132.209.* all together is sending a lot of SYN packets in a very small time period. (HowTos)

Songlist's picture
Submitted by Songlist on 01/12/2013 – Made popular on 01/12/2013

Stories similar to Is there a rule for iptables to limit the amount of SYN packets a /24 range of IPs can send?

My home server has two main interfaces, eth1 (a standard internet connection) and tun0 (an OpenVPN tunnel).

Android UDP packet loss 10 weeks 4 days ago

So i'm writing an app that sends 5Kb packets out 15 times a second through UDP. I understand I will lose some packets but I seem to be losing all my packets after the first couple seconds. Even if I slow it down to send the 5Kb packets out once every 10 seconds I will still lose them. What would cause this?

I have someone flooding me with random packets on random ports that are closed.

My server is responding to this with tcp-reset packets I think which is chewing up the outbound bandwidth too.

How do I use iptables to block tcp-reset packets?

how to block netbios broadcasts 2 years 36 weeks ago

Hello, I've a server in an European data center, My server is receiving a lot of UDP Netbios Boradcast packets (I've sniffed them via tcpdump )

I've block the sender IP via iptables but tcpdump again shows the packets that are receiving.

an example tcpdump output 16:35:25.829592 IP SENDER-IP.netbios-ns > MY-SERVER-IP.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST

How can I bl

IPtables for a virtual dedicated server.

I would like to block UDP scans and I was wondering whether there's a minimum packet size for a DNS lookup?

Nmap sends 0-byte UDP packets (source : http://nmap.org/bennieston-tutorial/ ), but there're probably tools available that allow you to add a few bytes.

Also, I don't quite understand how nmap's UDP packets can be 0 bytes.

I read that certain types¹ of ICMP packets can be harmful. Questions:

Which ones and why? How should I layout an iptables ruleset to handle each type of ICMP packet? Should I rate-limit any of these types of ICMP packets? And how?

[¹] The types I read about: Redirect (5), Timestamp (13) and Address Mask Request (17).

I'm testing connection with flash client and cloud server(boost::asio for software) over TCP connection. My connection with server already is really poor - 120 ms ping in average. I found when i start to send packets with 2 bytes size (without tcp header) with speed 30 packets/s - ping grow to 170-200 average.

Some are saying that bigger packets are better to send then smaller.

But in this app: http://media.pearsoncmg.com/aw/aw_kurose_network_2/applets/message/messa...

The lower the packet size is, the smaller amount of time it needs to reach the destination. So I don't understand why to prefer bigger size? Can you please explain it to me? Thank you

We're running a nginx reverse proxy cluster, forwarding traffic to our main website, this enables us to filter out unwanted traffic/users etc, and send them off else where, now we have a few issues with SYN floods where the requests a second is overflowing the proxy + the main server causing them to become unavailable.

Is there any ip tables magic that can A) Rate limit SYN packets / connections