salima
11-02-2013, بتوقيت غرينيتش 12:49 AM
هذا سكربت bash لازم تكون روت لتنفيذه :
رمز Code:
#!/bin/bash /sbin/modprobe ip_tables /sbin/modprobe ip_conntrack /sbin/modprobe ip_conntrack_ftp rm /root/.dyn* echo 'Setting kernel tcp parameters to reduct DoS effects' #Reduce DoS'ing ability by reducing timeouts echo 30 > /proc/sys/net/ipv4/tcp_fin_timeout echo 1800 > /proc/sys/net/ipv4/tcp_keepalive_time echo 1 > /proc/sys/net/ipv4/tcp_window_scaling echo 0 > /proc/sys/net/ipv4/tcp_sack echo 1280 > /proc/sys/net/ipv4/tcp_max_syn_backlog #ANTISPOOFING for a in /proc/sys/net/ipv4/conf/*/rp_filter; do echo 1 > $a done ## #NO SOURCE ROUTE for z in /proc/sys/net/ipv4/conf/*/accept_source_route; do echo 0 > $z done #SYN ******S echo 1 > /proc/sys/net/ipv4/tcp_syn******s echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts #echo $ICMP_ECHOREPLY_RATE > /proc/sys/net/ipv4/icmp_echoreply_rate echo '1' > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses echo '1' > /proc/sys/net/ipv4/conf/all/accept_redirects echo '1' > /proc/sys/net/ipv4/conf/all/log_martians # NUMBER OF CONNECTIONS TO TRACK echo '65535' > /proc/sys/net/ipv4/ip_conntrack_max # Set default policies /sbin/iptables -P INPUT ACCEPT /sbin/iptables -P OUTPUT ACCEPT /sbin/iptables -P FORWARD DROP /sbin/iptables -F /sbin/iptables -F INPUT /sbin/iptables -F OUTPUT /sbin/iptables -F FORWARD /sbin/iptables -F -t mangle /sbin/iptables -X /sbin/iptables -A INPUT -i lo -j ACCEPT /sbin/iptables -A INPUT -d 127.0.0.0/8 -j REJECT /sbin/iptables -A INPUT -i eth0 -j ACCEPT /sbin/iptables -A INPUT -m state --state INVALID -j DROP ### chains to DROP too many SYN-s ###### /sbin/iptables -N syn-flood /sbin/iptables -A syn-flood -m limit --limit 100/second --limit-burst 150 -j RETURN /sbin/iptables -A syn-flood -j LOG --log-prefix 'SYN flood: ' /sbin/iptables -A syn-flood -j DROP
https://fbcdn-sphotos-d-a.akamaihd.net/hphotos-ak-ash4/482113_236967293114455_1193518507_n.png (http://www.dzbatna.com)
©المشاركات المنشورة تعبر عن وجهة نظر صاحبها فقط، ولا تُعبّر بأي شكل من الأشكال عن وجهة نظر إدارة المنتدى (http://www.dzbatna.com)©
رمز Code:
#!/bin/bash /sbin/modprobe ip_tables /sbin/modprobe ip_conntrack /sbin/modprobe ip_conntrack_ftp rm /root/.dyn* echo 'Setting kernel tcp parameters to reduct DoS effects' #Reduce DoS'ing ability by reducing timeouts echo 30 > /proc/sys/net/ipv4/tcp_fin_timeout echo 1800 > /proc/sys/net/ipv4/tcp_keepalive_time echo 1 > /proc/sys/net/ipv4/tcp_window_scaling echo 0 > /proc/sys/net/ipv4/tcp_sack echo 1280 > /proc/sys/net/ipv4/tcp_max_syn_backlog #ANTISPOOFING for a in /proc/sys/net/ipv4/conf/*/rp_filter; do echo 1 > $a done ## #NO SOURCE ROUTE for z in /proc/sys/net/ipv4/conf/*/accept_source_route; do echo 0 > $z done #SYN ******S echo 1 > /proc/sys/net/ipv4/tcp_syn******s echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts #echo $ICMP_ECHOREPLY_RATE > /proc/sys/net/ipv4/icmp_echoreply_rate echo '1' > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses echo '1' > /proc/sys/net/ipv4/conf/all/accept_redirects echo '1' > /proc/sys/net/ipv4/conf/all/log_martians # NUMBER OF CONNECTIONS TO TRACK echo '65535' > /proc/sys/net/ipv4/ip_conntrack_max # Set default policies /sbin/iptables -P INPUT ACCEPT /sbin/iptables -P OUTPUT ACCEPT /sbin/iptables -P FORWARD DROP /sbin/iptables -F /sbin/iptables -F INPUT /sbin/iptables -F OUTPUT /sbin/iptables -F FORWARD /sbin/iptables -F -t mangle /sbin/iptables -X /sbin/iptables -A INPUT -i lo -j ACCEPT /sbin/iptables -A INPUT -d 127.0.0.0/8 -j REJECT /sbin/iptables -A INPUT -i eth0 -j ACCEPT /sbin/iptables -A INPUT -m state --state INVALID -j DROP ### chains to DROP too many SYN-s ###### /sbin/iptables -N syn-flood /sbin/iptables -A syn-flood -m limit --limit 100/second --limit-burst 150 -j RETURN /sbin/iptables -A syn-flood -j LOG --log-prefix 'SYN flood: ' /sbin/iptables -A syn-flood -j DROP
https://fbcdn-sphotos-d-a.akamaihd.net/hphotos-ak-ash4/482113_236967293114455_1193518507_n.png (http://www.dzbatna.com)
©المشاركات المنشورة تعبر عن وجهة نظر صاحبها فقط، ولا تُعبّر بأي شكل من الأشكال عن وجهة نظر إدارة المنتدى (http://www.dzbatna.com)©
