connlimit in RHEL kernel

Mailing List

Home

Forum Home

Linux - General Red Hat Linux discussion list

Enterprise Linux 3 - Discussion of Red Hat Enterprise Linux 3 (Taroon)

Installation - Getting started with Red Hat Linux

Red Hat Linux 9 - Discussion of Red Hat Linux 9 (Shrike)

Red Hat Linux 7.3 - Discussion of Red Hat Linux 7.3 (Valhalla)

Red Hat Linux 7.2 - Discussion of Red Hat Linux 7.2 (Enigma)

Apache Web Server

Oracle database, Microsoft SQL server ...

Subjects

•	application/x mplayer2 plugin
•	RPM error: db4 error(16) from dbenv >remove: Device or resource busy
•	Command stream end of file while reading
•	X Windows problem (xauth)
•	Upgrading openoffice 1 1 rpm
•	FTP: connection refused
•	FTP: connection refused
•	mount: /dev/cdrom: is not a valid block device
•	Dell Precision 650, RedHat 9, no sound
•	how to trace the cause resulting in the crash of bind server
•	Virus on the list
•	UNINSTALL RPM MYSQL
•	usb pen drives: mounting as a user
•	broadcom network interface
•	make mrproper
•	sendmail configuration on redhat
•	Couldn 't open PID file /var/run/named/named pid Permission denied
•	Promise 378 controller
•	kernel 2 6 and /dev/sound/mixer not found
•	Problem using up2date
•	mrtg step by step howto/configuration for a newbie?
•	Compiling and Installing Kernel 2 6
•	Can 't locate module ppp0, can 't locate module ppp compress 21
•	HOW I CAN MAKE BOOTABLE FLOPPY DISKET
•	Lotus Notes under Wine
•	/etc/security/limits conf question
•	Intel E/1000 driver
•	Command stream end of file while reading
•	rpm database corrupt
•	qla2300 modules

connlimit in RHEL kernel

connlimit in RHEL kernel

2005-01-14 - By Milan Keral?ger

Back

Reply: 1 2 3 4 5

On Mon, Jan 10, 2005 at 12:52:04AM +0100, Milan Ker?l??ger wrote:
> Hi,
>
> I just experienced a DoS on our RHEL3 server. It seems to me that this
> could be easy to use connlimit feature in iptables, but there is none in
> RHEL3 and RHEL4 Beta 2 has only module for (command) iptables:
>
> /lib/iptables/libipt_connlimit.so
>
> So how I have to deal in Enterprise environment with simple DoS attack?

For those who interested I made a patched kernel with connlimit (only
this extension) from patch-o-matic
(http://www.netfilter.org/patch-o-matic/) with updated iptables package:

ftp://ftp.pslib.cz/pub/users/Milan.Kerslager/RHEL-3/testing.connlimit/
ftp://ftp.vslib.cz/pub/local/milan.kerslager/RHEL-3/testing.connlimit/
ftp://ftp.linux.cz/pub/linux/people/milan_kerslager/RHEL-3/testing.connlimit/

This is a yum repository so you may add this section to your
/etc/yum.conf and do 'yum update':

[kernel-connlimit]
name=Testing kernel with connlimit patch
baseurl=ftp://ftp.pslib.cz/pub/users/Milan.Kerslager/RHEL-3/testing.connlimit/
ftp://ftp.vslib.cz/pub/local/milan.kerslager/RHEL-3/testing.connlimit/
ftp://ftp.linux.cz/pub/linux/people/milan_kerslager/RHEL-3/testing
.connlimit/

It just Works for me [TM]. It keeps my SMTP server under moderated load
instead of DoS from machines with spyware (on three servers each with 3
to 30 thousands of mails per day).

As I'm unable to let my servers go to its knees I'l maintain those
kernels for some time until there will be an official solution from RH
(like other packages in my repo). The patch in non-intrusive (only one
module for iptables) so it's safe and easy to patch the kernel*src.rpm.

See http://www.netfilter.org/patch-o-matic/pom-base.html for more info
about how to use connlimit rules in iptables.

--
Milan Kerslager
E-mail: milan.kerslager@(protected)
WWW: http://www.pslib.cz/ke/

--
Taroon-list mailing list
Taroon-list@(protected)
http://www.redhat.com/mailman/listinfo/taroon-list

Earn $52 per hosting referral at Lunarpages.