How to use IPtables to stop common DDOS attacks

How to use IPtables to stop common DDOS attacks

DDOS stands for Distributed Denial of Service attack. A distributed attack is an attack from multiple sources. DDOS attacks aim to flood your server and connection with requests which in turn causes a queue of requests whilst the server attempts to service them. This renders your server inaccessible until the server has processed the requests queue. All of our servers, including VPS servers, can handle up to 10 GBPS of traffic requests making it extremely difficult for a DDOS attack targeted at one of our servers to be effective. DDOS mitigation is automatic but some users may want to add some default rules to IPtables to help prevent a DDOS in the first place.

Since CentOS 7 IPtables was replaced by firewalld but IPtables is still available to use. This guide assumes you’re using IPtables. You can add each rule by pasting the rule into a command prompt as the root user.

Dedicated Server Hosting

How To Stop Null Packets

Null packets are flag-less TCP packets. Attackers usually use bot to scan servers for weaknesses in their firewall configuration. These bots produce empty packets and IPtables can be configured to automatically block these types of requests making it hard for a malicious user to find any errors in your firewall configuration.

iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP

The above rule will tell IPtables to drop (refuse) flag-less packets

How To Stop SYN-Flood Attacks

This type of attack is when a malicious user can connect to your server without sending or receiving any information. The main reason a user would do this is to consume the resources on your server.  You can use the rule below to block SYN-Flood attacks

iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP

How To Stop XMAS Packets

XMAS Packets are malformed packets of data and as a rule of thumb you should block these

sudo iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP

Free cPanel VPS License

Saving your new IPtables Configuration

Debian & Ubuntu

iptables-save > /etc/network/iptables

CentOS & Red Hat Linux

iptables-save > /etc/sysconfig/iptables

To ensure your new IPtables configuration loads on Debian and Ubuntu you should add the following line to the /etc/rc.local file.

/sbin/iptables-restore /etc/network/iptables

How was this article?

How to use IPtables to stop common DDOS attacks
11 4.9 98.18%

Dedicated Servers Server Security VPS Servers

Select Language
We are currently updating our website. Please accept our apologies for any disruption you may see.
+