WCDT: 2411-2415 (25-29 March, 2013) Weekly Comic Discussion Thread
ankhtahr:
Couldn't
--- Code: ---
iptables -A INPUT -p tcp --syn -m limit --limit 1/s --limit-burst 8 -j DROP
--- End code ---
help against DDOS? Simple iptables rule which allows only one new connection per IP per second when there are already 8 open connections from this IP. Won't help with the bandwidth and the traffic, as the packets are being dropped at the INPUT chain of the server, but at least Apache will continue to work.
And I really was hoping for a car ride comic. But I also really like the idea of a comic similar to this, from the perspective of Claire. We want to know what Claire thinks about it!
Sidhekin:
The trouble with DDOS is the first D: distributed.
It's not "from this IP". It's from a shitload of different IPs. Zombie PCs, usually.
You want to help against DDOS?
Ditch Microsoft Windows! :-P
ankhtahr:
Even very big DDOS attacks get slowed down, if you allow only 8 connections per IP. Of course the rule I posted works only for TCP DDOSing/SYN-flooding.
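An added example, not part of any post in this thread: a small simulation of the two points argued above, modelling the 1/s, burst 8 limit as a token bucket that is either shared by all traffic (how the `limit` match counts) or kept per source IP (what `hashlimit` in `srcip` mode provides). The traffic, the addresses and the accept-within-limit, drop-over-limit policy are assumptions constructed for the illustration.

```python
from collections import defaultdict

class TokenBucket:
    """Token bucket: refills at `rate` tokens/s up to `burst`, as a limit match does."""
    def __init__(self, rate, burst):
        self.rate, self.burst = rate, burst
        self.tokens, self.last = float(burst), 0.0

    def allow(self, now):
        # Refill for the elapsed time (capped at burst), then spend one token.
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False

def simulate(packets, per_source, rate=1, burst=8):
    """Count accepted SYNs per source for (time_s, src_ip) packets.
    per_source=False: one bucket for all traffic; True: one bucket per source IP.
    Assumed policy: a SYN within the limit is accepted, anything over it is dropped."""
    shared = TokenBucket(rate, burst)
    per_ip = defaultdict(lambda: TokenBucket(rate, burst))
    accepted = defaultdict(int)
    for now, src in sorted(packets):
        bucket = per_ip[src] if per_source else shared
        if bucket.allow(now):
            accepted[src] += 1
    return dict(accepted)

# Constructed 10-second traffic; all addresses are RFC 5737 documentation ranges.
CLIENT, FLOODER = "192.0.2.10", "198.51.100.1"
client = [(t + 0.5, CLIENT) for t in range(10)]        # 1 SYN/s
single = [(n / 100, FLOODER) for n in range(1000)]     # 100 SYN/s from one IP
spread = [(t + i / 100, f"203.0.113.{i + 1}")          # 200 IPs, each 1 SYN per 2 s
          for i in range(200) for t in range(0, 10, 2)]

def scenarios():
    return {
        "single source, shared bucket": simulate(client + single, per_source=False),
        "single source, per-IP bucket": simulate(client + single, per_source=True),
        "distributed, per-IP bucket": simulate(client + spread, per_source=True),
    }

if __name__ == "__main__":
    for name, result in scenarios().items():
        attack = sum(n for ip, n in result.items() if ip != CLIENT)
        print(f"{name}: client {result.get(CLIENT, 0)}/10, attack SYNs accepted {attack}")
```

With a shared bucket the single flooder takes every token and the client gets nothing; with per-IP buckets the single flooder is capped, but the distributed sources each stay under the limit and all of their SYNs are accepted.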
pwhodges:
I've asked, as a matter of curiosity, for more info - but I don't know if I'll get any.
Border Reiver:
So, Marten's confused about a woman - what else is new?
And that in itself is quite refreshing.