Thursday, 24 September 2009

Prevent DDoS attack

Sometimes you can see the following messages in the log file (/var/log/messages) on FreeBSD servers.

Limiting open port RST response from 295 to 200 packets/sec
Limiting open port RST response from 260 to 200 packets/sec

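This is a symptom of a DDoS attack on the server: the kernel is being asked to send more RST responses per second than its rate limit (200 packets/sec here) allows. We can avoid this by executing the following commands as root.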

sysctl net.inet.udp.blackhole=1
sysctl net.inet.tcp.blackhole=2

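With these settings the kernel silently drops UDP datagrams and TCP segments that arrive for ports with no listener, instead of answering with an ICMP port-unreachable message or a RST. This will protect the server from DDoS attacks. The sysctl command changes only the running kernel; to keep the values after a reboot, add them to /etc/sysctl.conf.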
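To see how often and how far the limit is being exceeded, the log messages shown above can be summarised per response type. This is an added example, not part of the original post; the host name, timestamps and the "closed port RST" sample line are constructed, and the parser goes slightly beyond the post by accepting any "Limiting ... response" message rather than only the open-port one.

```shell
#!/bin/sh
# Summarise FreeBSD "Limiting <type> response from N to M packets/sec" lines.
# Reads syslog lines on stdin; prints one line per response type:
#   <type>|<number of events>|<peak packets/sec seen>|<limit packets/sec>
ratelimit_summary() {
    awk '
    {
        s = index($0, "Limiting ")
        if (s == 0) next
        msg = substr($0, s + 9)              # text after "Limiting "
        r = index(msg, " response from ")
        if (r == 0) next
        type = substr(msg, 1, r - 1)         # e.g. "open port RST"
        n = split(substr(msg, r + 15), f, " ")
        # Expect: <rate> to <limit> packets/sec
        if (n < 4 || f[2] != "to") next
        if (f[1] !~ /^[0-9]+$/ || f[3] !~ /^[0-9]+$/) next
        count[type]++
        if (f[1] + 0 > peak[type]) peak[type] = f[1] + 0
        limit[type] = f[3] + 0
    }
    END {
        for (t in count)
            printf "%s|%d|%d|%d\n", t, count[t], peak[t], limit[t]
    }' | sort
}

# Constructed sample input (host name and timestamps are made up).
sample_log() {
    cat <<'EOF'
Sep 24 03:10:01 web1 kernel: Limiting open port RST response from 295 to 200 packets/sec
Sep 24 03:10:02 web1 kernel: Limiting open port RST response from 260 to 200 packets/sec
Sep 24 03:10:02 web1 sshd[812]: Accepted publickey for admin from 192.0.2.10 port 50122 ssh2
Sep 24 03:10:03 web1 kernel: Limiting closed port RST response from 412 to 200 packets/sec
EOF
}

sample_log | ratelimit_summary
```

On a live server, feed the real log instead: `ratelimit_summary < /var/log/messages`.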
