How to use IPtables to stop common DDoS attacks
DDoS stands for Distributed Denial of Service. A distributed attack is one that comes from multiple sources. DDoS attacks aim to flood your server and connection with requests, which builds up a queue while the server attempts to service them. This renders your server inaccessible until it has processed the request queue.
Since CentOS 7, IPtables has been replaced by firewalld, but IPtables is still available to use. This guide assumes you’re using IPtables. You can add each rule by pasting it into a command prompt as the root user.
How To Stop Null Packets
Null packets are flag-less TCP packets. Attackers usually use bots to scan servers for weaknesses in their firewall configuration. These bots produce empty packets, and IPtables can be configured to block these requests automatically, making it hard for a malicious user to find any errors in your firewall configuration.
iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
The above rule tells IPtables to drop (silently discard) flag-less packets.
How To Stop SYN-Flood Attacks
This type of attack is when a malicious user opens connections to your server without sending or receiving any information. The main reason a user would do this is to consume the resources on your server. You can use the rule below to block SYN-flood attacks; it drops any packet that starts a new connection without the SYN flag set.
iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
How To Stop XMAS Packets
XMAS packets are malformed TCP packets with every flag set, and as a rule of thumb you should block them.
sudo iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
Saving your new IPtables Configuration
Debian & Ubuntu
iptables-save > /etc/network/iptables
CentOS & Red Hat Linux
iptables-save > /etc/sysconfig/iptables
To ensure your new IPtables configuration loads on Debian and Ubuntu you should add the following line to the /etc/rc.local file.
/sbin/iptables-restore /etc/network/iptables
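To confirm that the three rules above made it into the saved configuration, the following added example (not part of the original article) audits an iptables-save dump for them. The function names audit_rules and sample_dump and the sample dump are constructed for illustration; it assumes the line format written by current iptables-save releases.

```shell
#!/bin/sh
# Added example (not from the original article): check that an iptables-save
# dump contains the three DROP rules from this guide, unrestricted, on INPUT.
# iptables-save rewrites what you typed: "ALL" becomes the full flag list and
# "--syn" becomes "--tcp-flags FIN,SYN,RST,ACK SYN", so match the saved form.

ALL='FIN,SYN,RST,PSH,ACK,URG'

# audit_rules: reads a dump on stdin, prints one line per rule and
# returns the number of rules that are missing (0 = all present).
audit_rules() {
    # Only the filter table is checked; other tables also have INPUT chains.
    filter=$(sed -n '/^\*filter$/,/^COMMIT$/p')
    missing=0
    # name:extended-regex pairs. Anchoring at "-A INPUT -p tcp" means a rule
    # limited to one interface or source address does not count as present.
    while IFS=: read -r name pattern; do
        if printf '%s\n' "$filter" |
            grep -Eq -- "^-A INPUT -p tcp -m tcp $pattern -j DROP\$"; then
            echo "present: $name"
        else
            echo "MISSING: $name"
            missing=$((missing + 1))
        fi
    done <<EOF
null packets:--tcp-flags $ALL NONE
non-SYN new connections:! --tcp-flags FIN,SYN,RST,ACK SYN -m (state --state|conntrack --ctstate) NEW
XMAS packets:--tcp-flags $ALL $ALL
EOF
    return "$missing"
}

# Constructed sample dump: the non-SYN rule is limited to eth0, so it is
# reported as missing even though a similar-looking line exists.
sample_dump() {
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --tcp-flags $ALL NONE -j DROP
-A INPUT -i eth0 -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j DROP
-A INPUT -p tcp -m tcp --tcp-flags $ALL $ALL -j DROP
COMMIT
EOF
}

sample_dump | audit_rules || echo "rules missing: $?"
```

On a live server, run `iptables-save | audit_rules` as root, or feed it the saved file with `audit_rules < /etc/network/iptables`.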