On 5/14/16, Flipchan <flipc...@riseup.net> wrote:
> Did u manage to put up some anti ddos?
>
> I wrote a script that blocked my last attackers ddos attacks might work..
>
> block udp ddos attacks drop em if they are sent more than 15 times
> iptables -A INPUT -p udp -m connlimit --connlimit-above 15 -j DROP
> iptables -A OUTPUT -p udp -m connlimit --connlimit-above 10 -j DROP

A real layer-3 [d]DoS saturates your pipe, nothing you can do with a "script" on your box will help, it can only be mitigated upstream / waited out. Like the SSH ATTACK whiners, the feelgood "block" above is really just hiding some minor personal annoyance, kernel time, and return traffic. The latter two being relevant only if you $pay for them.

--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk