|
Title: does endian community 2.4.1 or 2.5.1 include ddos and sync flood? Post by: hntri on Wednesday 08 February 2012, 02:29:23 am hi all
i'm newbies.i try to find endian community moduln guides. but i can't find it. i have 2 questions. could someone support me. - does endian community support ddos,sync flood,icmp protect? how can i active that rules? - does endia community support full snort in line(IPS). how to use it in endian.... thanks for your advise! P/s: sorry about my bad english. Title: Re: does endian community 2.4.1 or 2.5.1 include ddos and sync flood? Post by: endianupdate on Wednesday 08 February 2012, 08:25:33 am Endian Firewall does not have an option in the web interface to set these options directly, you can enable the 'Intrusion Prevention' service, select your Snort policies and set them to Drop (the default is Alert only) but these will not deal directly with DDOS attacks.
Iptables can be used to block some DDOS attacks but you will need to SSH in to the Endian Firewall to enter these as it cannot be done through the web interface. e.g. to limit the amout of tcp connections per minute to a web server : iptables -A INPUT -p tcp --dport 80 -m limit --limit 25/minute --limit-burst 100 -j ACCEPT e.g. to limit the number of syn connections per second iptables -A INPUT -p tcp --syn -m limit --limit 1/s --limit-burst 4 -j ACCEPT Hope this helps Title: Re: does endian community 2.4.1 or 2.5.1 include ddos and sync flood? Post by: hntri on Wednesday 08 February 2012, 05:55:20 pm thank for your support.
i know that rules for iptables ( search by google) and some script for iptables.but i dont k ow where i edit it in iptables config.because iptables of endian have a lot of rules(sorry i'm a newbies in unix.i only use window base). could you give me some fearture or some solutions of endian iptables. and could you give me guide for config endian protect ddos and sync flood( and full snort rules for ddos protect) thabks for your advise.and i sorry about i have alot of questions . |