How to use IPtables to stop DDoS attacks
DDoS stands for Distributed Denial of Service. A distributed attack is an attack from multiple sources. DDoS attacks aim to flood your server and connection with requests, which causes a queue of requests to build up while the server attempts to service them. This renders your server inaccessible until it has processed the request queue. IPtables can help to stop some DDoS attacks on VPS Servers and Dedicated Servers, but it has a simple problem: instead of the requests piling up in the server, you move the problem to the point of entry, your network card.
The traffic will flood the connection to the server and, in turn, take the server down. First2Host can provide a managed firewall service to all customers. You can offload your IPtables firewall rules to our managed Firewall, which sits at the point of entry to the network, protecting not just your server but your connection too.
How To Stop Null Packets
Null packets are flag-less TCP packets. Attackers usually use bots to scan servers for weaknesses in their firewall configuration. These bots produce empty packets, and IPtables can be configured to automatically block these types of requests, making it hard for a malicious user to find any errors in your firewall configuration.
iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
The above rule tells IPtables to drop (silently discard) flag-less packets.
How To Stop SYN-Flood Attacks
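In this type of attack, a malicious user opens connections to your server without sending or receiving any information. The main reason a user would do this is to consume the resources on your server. You can use the rule below to block SYN-Flood attacks. It drops any TCP packet that connection tracking classifies as NEW but that does not have the SYN flag set; well-formed SYN packets still pass this rule.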
iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
How To Stop XMAS Packets
XMAS packets are malformed TCP packets with every flag set, and as a rule of thumb you should block them.
sudo iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
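The three matches above, modelled in Python as an added example (not code from the original article): it evaluates --tcp-flags mask/comp the way iptables does and reports which of the page's rules, in the order they were appended, would drop a given flag combination. The function names, the conntrack state passed in by the caller and the sample packets are constructed for illustration.

```python
# Added example: models how the three iptables matches on this page evaluate
# the TCP flag bits. Names and sample packets are constructed for illustration.
FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10,
         "URG": 0x20, "NONE": 0x00,
         "ALL": 0x3F}  # iptables "ALL" = the six flags above (no ECE/CWR)


def parse_flags(names):
    """Turn 'SYN,ACK' (or ALL / NONE) into a bitmask."""
    mask = 0
    for name in names.split(","):
        mask |= FLAGS[name]
    return mask


def tcp_flags_match(flags, mask, comp):
    """--tcp-flags mask comp: within mask, exactly the comp flags are set."""
    return (flags & parse_flags(mask)) == parse_flags(comp)


def is_syn(flags):
    """--syn is shorthand for --tcp-flags SYN,RST,ACK,FIN SYN."""
    return tcp_flags_match(flags, "SYN,RST,ACK,FIN", "SYN")


def verdict(flag_names, state):
    """Return which rule from the page drops the packet, else 'continue'.

    state is the conntrack state, supplied by the caller (an assumption of
    this model; the kernel decides it, not the flag bits alone).
    """
    flags = parse_flags(flag_names)
    if tcp_flags_match(flags, "ALL", "NONE"):      # rule 1: null packets
        return "drop: null packet"
    if not is_syn(flags) and state == "NEW":       # rule 2: ! --syn, NEW
        return "drop: NEW without SYN"
    if tcp_flags_match(flags, "ALL", "ALL"):       # rule 3: XMAS packets
        return "drop: xmas packet"
    return "continue"  # falls through to later rules or the chain policy


if __name__ == "__main__":
    # Constructed sample packets: (flags set, conntrack state)
    for pkt in [("NONE", "INVALID"), ("SYN", "NEW"), ("ACK", "NEW"),
                ("SYN,ACK", "NEW"), ("ALL", "INVALID"),
                ("FIN,PSH,URG", "INVALID"), ("PSH,ACK", "ESTABLISHED")]:
        print(pkt, "->", verdict(*pkt))
```

A packet that reaches "continue" is not accepted by these rules; it is simply not matched by them, so the rest of the INPUT chain and its policy still decide its fate.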
Saving your new IPtables Configuration
Debian & Ubuntu
iptables-save > /etc/network/iptables
CentOS & Red Hat Linux
iptables-save > /etc/sysconfig/iptables
To ensure your new IPtables configuration loads on Debian and Ubuntu you should add the following line to the /etc/rc.local file.
/sbin/iptables-restore < /etc/network/iptables