  • SSH PORTFLOOD

    Hi,

    "SSH PORTFLOOD": this option configures iptables to offer protection from DoS attacks against specific ports.

    It limits the number of new connections that can be made to specific ports per time interval.

    Basically, the PORTFLOOD limit for SSH is set to the default of 5 per 120 seconds, which was found to be excessively low for SFTP use. It is better to increase the default value to 15 so that the client's IP address won't be blocked frequently and whitelisting an IP is not needed.

    We can increase the limits in the CSF configuration file. Please follow the below instructions.

    Code:
    # vi /etc/csf/csf.conf

    PORTFLOOD is a comma separated list of:

    port;protocol;hit count*;interval seconds

    So, a setting of PORTFLOOD = "22;tcp;5;300,80;tcp;20;5" means:

    1. If more than 5 connections to tcp port 22 within 300 seconds, then block that IP address from port 22 for at least 300 seconds after the last packet is seen, i.e. there must be a "quiet" period of 300 seconds before the block is lifted.

    2. If more than 20 connections to tcp port 80 within 5 seconds, then block that IP address from port 80 for at least 5 seconds after the last packet is seen, i.e. there must be a "quiet" period of 5 seconds before the block is lifted.
    Last edited by afsal; 13th January 2015, 10:47 AM.
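Added example (not code from the original post or from CSF itself): a small Python parser for the PORTFLOOD format and a simulation of the block/quiet-period behaviour described above, run against a constructed connection log using TEST-NET addresses. It compares the default SSH setting against a raised hit count so you can see why an SFTP client that reconnects often trips the default. The matching model (every packet to a covered port counts toward the window, and a blocked packet still refreshes the "last packet seen" time) is an assumption taken from the post's wording, not from CSF's actual iptables rules, and the raised setting `22;tcp;15;120` assumes only the hit count changes.

```python
"""Parse CSF PORTFLOOD entries and simulate the per-IP rate limit described
in the post. Added example: not code from the original post or from CSF.
Matching model (an assumption derived from the post's description): every
packet to a covered port counts toward the window, and packets that are
blocked still refresh the "last packet seen" time, so the block only lifts
after a full quiet interval with no packets at all."""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class PortFloodRule:
    port: int
    protocol: str
    hits: int       # more than this many connections within `interval` triggers a block
    interval: int   # window length, and minimum quiet period, in seconds


def parse_portflood(setting: str) -> List[PortFloodRule]:
    """Parse the value of PORTFLOOD (with or without the surrounding quotes)."""
    rules: List[PortFloodRule] = []
    body = setting.strip().strip('"')
    if not body:
        return rules  # PORTFLOOD = "" means no port flood rules
    for entry in body.split(","):
        fields = [f.strip() for f in entry.split(";")]
        if len(fields) != 4:
            raise ValueError(f"expected port;protocol;hits;seconds, got {entry!r}")
        port, proto, hits, interval = fields
        if proto not in ("tcp", "udp"):
            raise ValueError(f"unsupported protocol in {entry!r}")
        rule = PortFloodRule(int(port), proto, int(hits), int(interval))
        if not 1 <= rule.port <= 65535 or rule.hits < 1 or rule.interval < 1:
            raise ValueError(f"out-of-range value in {entry!r}")
        rules.append(rule)
    return rules


def describe(rule: PortFloodRule) -> str:
    """Render a rule the way the csf.conf comment explains it."""
    return (f"more than {rule.hits} connections to {rule.protocol} port {rule.port} "
            f"within {rule.interval}s block the source IP from port {rule.port} "
            f"until {rule.interval}s have passed since its last packet")


# (seconds, source IP, destination port, protocol)
Attempt = Tuple[float, str, int, str]


def simulate(rule: PortFloodRule, attempts: List[Attempt]) -> List[Tuple[float, str, str]]:
    """Return (time, ip, verdict) for each attempt, in time order. Verdict is
    'allowed', 'blocked', or 'uncovered' (port/protocol not matched by the rule)."""
    seen: Dict[str, List[float]] = {}
    out: List[Tuple[float, str, str]] = []
    for t, ip, port, proto in sorted(attempts):
        if (port, proto) != (rule.port, rule.protocol):
            out.append((t, ip, "uncovered"))
            continue
        # keep only packets still inside the window, then add this one
        window = [s for s in seen.get(ip, []) if t - s < rule.interval]
        window.append(t)  # counts even if this packet ends up blocked
        seen[ip] = window
        out.append((t, ip, "blocked" if len(window) > rule.hits else "allowed"))
    return out


def verdicts_for(ip: str, results: List[Tuple[float, str, str]]) -> List[str]:
    return [v for _, who, v in results if who == ip]


# Constructed log: 203.0.113.7 hammers SSH; 198.51.100.9 is an SFTP client
# that reconnects eight times in 35 seconds and also makes one HTTP request.
SAMPLE_ATTEMPTS: List[Attempt] = (
    [(t, "203.0.113.7", 22, "tcp") for t in (0, 10, 20, 30, 40, 50, 100, 400)]
    + [(t, "198.51.100.9", 22, "tcp") for t in range(0, 40, 5)]
    + [(3, "198.51.100.9", 80, "tcp")]
)

DEFAULT_SSH = "22;tcp;5;120"   # the default the post says is too low for SFTP
RAISED_SSH = "22;tcp;15;120"   # assumption: only the hit count raised to 15

if __name__ == "__main__":
    for setting in (DEFAULT_SSH, RAISED_SSH):
        rule = parse_portflood(setting)[0]
        print(setting, "->", describe(rule))
        for ip in ("203.0.113.7", "198.51.100.9"):
            print("  ", ip, verdicts_for(ip, simulate(rule, SAMPLE_ATTEMPTS)))
```

Running the script shows the SFTP client's sixth, seventh and eighth reconnects blocked under the 5-hit default but all allowed under 15, while the 203.0.113.7 burst is blocked at its sixth connection and only admitted again at t=400, after a gap longer than the interval.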