New NTP DDoS target hack
parent
a53a37914a
commit
5389735855
@ -163,7 +163,7 @@ function apply_ipv4_hack {
|
|||||||
# Rate limit NTP DDOS UDP traffic using rules provided on the nanog list by
|
# Rate limit NTP DDOS UDP traffic using rules provided on the nanog list by
|
||||||
# pashdown@xmission.com
|
# pashdown@xmission.com
|
||||||
$IPTABLES -N NTP
|
$IPTABLES -N NTP
|
||||||
$IPTABLES -I 1 BLACKHOLE -m recent --set --name ntpv4blackhole --rsource
|
$IPTABLES -I BLACKHOLE 1 -m recent --set --name ntpv4blackhole --rsource
|
||||||
$IPTABLES -A NTP -m recent --update --seconds 5 --hitcount 20 --name \
|
$IPTABLES -A NTP -m recent --update --seconds 5 --hitcount 20 --name \
|
||||||
ntpv4 --rsource -j BLACKHOLE
|
ntpv4 --rsource -j BLACKHOLE
|
||||||
$IPTABLES -A NTP -m recent --update --seconds 5 --hitcount 2 --name \
|
$IPTABLES -A NTP -m recent --update --seconds 5 --hitcount 2 --name \
|
||||||
|
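Review bot: The `-m recent` rules in this hunk key on `--rsource`, but UDP NTP source addresses are unverified, so a sender forging a legitimate client's or peer's address can push it past `--hitcount 20` and have it sent to BLACKHOLE. The lists are also bounded by the xt_recent `ip_list_tot` module parameter (default 100 addresses), so a flood from many sources evicts entries before the 5-second window is evaluated. I would record both limits above the `-I BLACKHOLE 1` line, e.g. `# NOTE: sources are unauthenticated UDP; xt_recent keeps only ip_list_tot addresses per list (default 100), so size it at module load and exempt known NTP peers ahead of this chain`. If the first line of each printed pair is the old side, the earlier `-I 1 BLACKHOLE` form would have been rejected by iptables without anyone noticing, so checking the exit status of these `$IPTABLES` calls is worth adding unless the script already does so outside this hunk. `apply_ipv4_hack` starts and ends outside the hunk, and the continuation of the last `--hitcount 2` rule is not shown.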