security – iptables DoS and DDoS mitigation

April 18th, 2014 by Saws Agored

Denial of service is a common problem on the internet. However most attacks are very unsophisticated. It’s these types of attacks that you can easily mitigate using iptables because they often have many connections from the same source IP addresses.

Here is a quick snippet of code that can help overcome those DDoS attacks.

iptables -I INPUT -i eth0 -p {{ip protocol}} --dport {{destination port}} \
         -m hashlimit --hashlimit-mode srcip --hashlimit-srcmask 32 \
         --hashlimit-above {{burst above hashlimit (per second)}}/s \
         --hashlimit-burst {{number of connections}} \
         --hashlimit-name={{log entry tag}} -j DROP

Where the lines surrounded in {{ }} can be configured as such:

{{ip protocol}} : is tcp/udp or other ip layer protocol
{{destination port}} : is the destination port that is under attack
{{burst above hashlimit}} : is the per second limit of burst above the baseline packets per second.
{{number of connections}} : is the number of sessions per second permitted
{{log entry tag}} : what will the log entry say. e.g. DDoS.