如何保护apache webserver免受DOS,DDOS的攻击。</ p>
注意:已经在iptables.still中添加了规则我收到了syn请求。
错误: -
[root@471283-app2 ~]# dmesg | grep -i syn
megasas: fasync_helper was not called first
possible SYN flooding on port 80. Sending cookies.
possible SYN flooding on port 80. Sending cookies.
possible SYN flooding on port 80. Sending cookies.
possible SYN flooding on port 8080. Sending cookies.
possible SYN flooding on port 25. Sending cookies.
[root@471283-app2 ~]# netstat -n | grep :80 | grep SYN |wc -l
64
Iptables规则
[root@471283-app2 ~]# iptables -L -v
Chain INPUT (policy ACCEPT 331M packets, 6033G bytes)
pkts bytes target prot opt in out source destination
24621 1320K ACCEPT tcp -- any any 173.4.4.4/24 anywhere tcp dpt:ssh
1314K 77M ACCEPT tcp -- eth0 any anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 5/sec burst 5
20245 1196K DDOS_SYNFLOOD tcp -- any any anywhere anywhere tcp dpt:http flags:FIN,SYN,RST,ACK/SYN
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 321M packets, 6110G bytes)
pkts bytes target prot opt in out source destination
Chain DDOS_SYNFLOOD (1 references)
pkts bytes target prot opt in out source destination
18656 1108K ACCEPT all -- any any anywhere anywhere limit: avg 1/sec burst 3
1589 87748 DROP all -- any any anywhere anywhere
答案 0 :(得分:0)
可能无事可做。
您可以尝试使攻击者停止的方法。也许您可以识别攻击者正在使用的IP地址,向攻击者的ISP滥用部门提交投诉,等等。也许它是某种错误或配置错误,你只需要让源机器的管理员知道这个问题。
但就技术决议而言,你所能做的就是阻止攻击伤害你。你说它不会伤害你。那么缓解或过滤的重点是什么?