Linux Today: Linux News On Internet Time.

Howto block DDOS attacks on Ubuntu

Feb 27, 2009, 07:34 (1 Talkback[s])

"Here is an explanation of what this configuration file will do :

"If an IP made 250 NEW connections in 1 hour time it will send an email to admin@example.com. The same happend after 400 connections. After 500 new connections in 1h period, PSAD will block the IP for the next 12 hours. Of course you can ajust that to your needs... Remember that we only log IP that made at least 5 connection in the last 5 seconds so it's improbable to block a legitimate user... 'Packets' are not real packets, they are simply the number of time the IP appears in /var/log/syslog."

Complete Story

Related Stories: