Linux系统如何防止CC攻击(2)

　　免疫某些类型的小规模 DDos 攻击：

　　# Connection Tracking. This option enables tracking of all connections from IP

　　# addresses to the server. If the total number of connections is greater than

　　# this value then the offending IP address is blocked. This can be used to help

　　# prevent some types of DOS attack.

　　#

　　# Care should be taken with this option. It’s entirely possible that you will

　　# see false-positives. Some protocols can be connection hungry， e.g. FTP， IMAPD

　　# and HTTP so it could be quite easy to trigger， especially with a lot of

　　# closed connections in TIME_WAIT. However， for a server that is prone to DOS

　　# attacks this may be very useful. A reasonable setting for this option might

　　# be arround 200.

　　#

　　# To disable this feature， set this to 0

　　CT_LIMIT = “200”##固定时间内同一个IP请求的此数

　　# Connection Tracking interval. Set this to the the number of seconds between

　　# connection tracking scans

　　CT_INTERVAL = “30” ##指上面的固定时间，单位为秒

　　# Send an email alert if an IP address is blocked due to connection tracking

　　CT_EMAIL_ALERT = “1” ##是否发送邮件

　　# If you want to make IP blocks permanent then set this to 1， otherwise blocks

　　# will be temporary and will be cleared after CT_BLOCK_TIME seconds

　　# 是否对可疑IP采取永久屏蔽，默认为0，即临时性屏蔽。

　　CT_PERMANENT = “0”

　　# If you opt for temporary IP blocks for CT， then the following is the interval

　　# in seconds that the IP will remained blocked for （e.g. 1800 = 30 mins）

　　# 临时性屏蔽时间

　　CT_BLOCK_TIME = “1800”

　　# If you don’t want to count the TIME_WAIT state against the connection count

　　# then set the following to “1〃

　　CT_SKIP_TIME_WAIT = “0” ##是否统计TIME_WAIT链接状态

　　# If you only want to count specific states （e.g. SYN_RECV） then add the states

　　# to the following as a comma separated list. E.g. “SYN_RECV，TIME_WAIT”

　　# Leave this option empty to count all states against CT_LIMIT

　　CT_STATES = “” ##是否分国家来统计，填写的是国家名

　　# If you only want to count specific ports （e.g. 80，443） then add the ports

　　# to the following as a comma separated list. E.g. “80，443〃

　　#

　　# Leave this option empty to count all ports against CT_LIMIT

　　# 对什么端口进行检测，为空则检测所有，防止ssh的话可以为空，统计所有的。

　　CT_PORTS = “”

　　做了以上设置之后，可以先测试一下。如果没有问题的话，就更改为正式模式，刚才只是测试模式。

　　# 把默认的1修改为0。

　　TESTING = “0”

　　在/etc/csf/下有csf.allow和csf.deny两个文件，

　　allow是信任的IP，可以把自己的IP写到这里面防止误封。

　　deny就是被封的IP。

　　如果有调整需要重启一下cfs服务

　　上面就是Linux防止CC攻击的方法介绍了，很多时候用户网站被CC攻击了自己都不知道，所以定期的检测是很有必要的。