[Pool] defending against DDoS attacks

Scott Baker bakers at canbytel.com
Fri Feb 21 18:52:15 UTC 2014


On 02/21/2014 07:08 AM, Brian Rak wrote:
> So far, I've seen this exact situation play out multiple times.
> Someone says 'What iptables rules do I need?' or 'I came up with these
> iptables rules', and it turns out they still have monlist enabled. 
> These problems tend to go away when you disable monlist (unless you're
> actually the target of an attack) 

What I saw was a server that WAS serving monlist packets. I corrected
the config to fix this, and was still seeing 2000+ packets per second
incoming. The iptables rule stops that, and other abusive (too chatty)
clients.

Never hurts to have two lines of defense.

-- 
Scott Baker - Canby Telcom 
System Administrator - RHCE - 503.266.8253
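As an added illustration of the two layers described in this thread (example code written for this page, not the rules from the thread and not anything shipped by the NTP Pool project): a POSIX shell script that first checks whether an ntp.conf really turns off the monlist query path, then prints, without applying, an iptables hashlimit rule set that throttles NTP per source address. The ntp.conf files it inspects are constructed for the example, and the chain name, rate, burst and table expiry are illustrative assumptions to tune for a real client population.

```shell
#!/bin/sh
# Added example (not the poster's rules, not NTP Pool project code).
# Layer 1: confirm ntp.conf disables monlist.  Layer 2: per-source rate
# limit on UDP/123 so chatty or abusive clients are dropped even if the
# ntp.conf fix is ever lost in an upgrade.  Chain name, rate, burst and
# expiry values are illustrative assumptions.

# Return 0 when the ntp.conf at $1 disables monlist, i.e. it contains
#   disable monitor                (turns the monitor list off entirely)
# or
#   restrict default ... noquery   (refuses mode-7 queries, both families)
# Comments are stripped first.  A lone "restrict -4 default" or
# "restrict -6 default" is deliberately NOT accepted: it covers only one
# address family, so the other family's default would still answer.
ntp_monlist_disabled() {
    conf="$1"
    sed 's/#.*//' "$conf" | grep -Eq \
        '^[[:space:]]*disable([[:space:]]+[[:alnum:]]+)*[[:space:]]+monitor([[:space:]]|$)' \
        && return 0
    sed 's/#.*//' "$conf" | grep -Eq \
        '^[[:space:]]*restrict[[:space:]]+default([[:space:]]+[[:alnum:]]+)*[[:space:]]+noquery([[:space:]]|$)' \
        && return 0
    return 1
}

# Print (do not apply) an iptables chain that limits inbound NTP per
# source IP with the hashlimit match.  $1 = sustained rate, $2 = burst.
# Packets within the limit RETURN to INPUT for normal processing; the
# excess from a given source is dropped.  Review, then run as root.
ntp_rate_limit_rules() {
    rate="${1:-5/second}"     # assumed default, not a recommendation
    burst="${2:-20}"          # assumed default
    printf '%s\n' \
        "iptables -N NTP-LIMIT" \
        "iptables -A NTP-LIMIT -m hashlimit --hashlimit-name ntp --hashlimit-mode srcip --hashlimit-upto ${rate} --hashlimit-burst ${burst} --hashlimit-htable-expire 60000 -j RETURN" \
        "iptables -A NTP-LIMIT -j DROP" \
        "iptables -I INPUT -p udp --dport 123 -j NTP-LIMIT"
}

# Constructed sample configs (not copied from any real server).
work="$(mktemp -d)"
trap 'rm -rf "$work"' EXIT
NTP_CONF_OPEN="$work/ntp.conf.open"      # older distro default: monlist answers
NTP_CONF_V4ONLY="$work/ntp.conf.v4only"  # half fix: IPv6 default still open
NTP_CONF_FIXED="$work/ntp.conf.fixed"    # both settings applied

cat > "$NTP_CONF_OPEN" <<'EOF'
# monlist still reachable with this restrict line
driftfile /var/lib/ntp/ntp.drift
restrict default kod nomodify notrap nopeer
restrict 127.0.0.1
server 0.pool.ntp.org iburst
EOF

cat > "$NTP_CONF_V4ONLY" <<'EOF'
driftfile /var/lib/ntp/ntp.drift
restrict -4 default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer
restrict 127.0.0.1
EOF

cat > "$NTP_CONF_FIXED" <<'EOF'
driftfile /var/lib/ntp/ntp.drift
disable monitor
restrict default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
server 0.pool.ntp.org iburst
EOF

for f in "$NTP_CONF_OPEN" "$NTP_CONF_V4ONLY" "$NTP_CONF_FIXED"; do
    if ntp_monlist_disabled "$f"; then
        echo "$f: monlist disabled"
    else
        echo "$f: monlist STILL ENABLED, fix ntp.conf before relying on the firewall"
    fi
done

echo "--- second line of defense (review, then apply as root) ---"
ntp_rate_limit_rules
```

The hashlimit match keys on the source address, which is exactly the address being spoofed in a reflection attack, so once monlist is off the leftover flood the poster describes still hits the per-source limit and is dropped rather than answered. After restarting ntpd, confirm from an outside host that `ntpdc -n -c monlist <server>` times out; the config check above only reads the file, it does not prove the running daemon picked it up.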


