Protecting against certain types of small-scale DDoS attacks:
# Connection Tracking. This option enables tracking of all connections from IP
# addresses to the server. If the total number of connections is greater than
# this value then the offending IP address is blocked. This can be used to help
# prevent some types of DOS attack.
# Care should be taken with this option. It's entirely possible that you will
# see false-positives. Some protocols can be connection hungry, e.g. FTP, IMAPD
# and HTTP so it could be quite easy to trigger, especially with a lot of
# closed connections in TIME_WAIT. However, for a server that is prone to DOS
# attacks this may be very useful. A reasonable setting for this option might
# be around .
# To disable this feature, set this to
CT_LIMIT = "" ## number of requests from the same IP within the fixed interval

# Connection Tracking interval. Set this to the number of seconds between
# connection tracking scans
CT_INTERVAL = "" ## the fixed interval referred to above, in seconds

# Send an email alert if an IP address is blocked due to connection tracking
CT_EMAIL_ALERT = "" ## whether to send an email

# If you want to make IP blocks permanent then set this to , otherwise blocks
# will be temporary and will be cleared after CT_BLOCK_TIME seconds
# Whether to block suspicious IPs permanently; the default is , i.e. temporary blocks.
CT_PERMANENT = ""

# If you opt for temporary IP blocks for CT, then the following is the interval
# in seconds that the IP will remain blocked for (e.g. = mins)
# Duration of a temporary block
CT_BLOCK_TIME = ""

# If you don't want to count the TIME_WAIT state against the connection count
# then set the following to ""
CT_SKIP_TIME_WAIT = "" ## whether to leave TIME_WAIT connections out of the count

# If you only want to count specific states (e.g. SYN_RECV) then add the states
# to the following as a comma separated list. E.g. "SYN_RECV,TIME_WAIT"
# Leave this option empty to count all states against CT_LIMIT
CT_STATES = "" ## which connection states to count; empty counts all states

# If you only want to count specific ports (e.g. ,) then add the ports
# to the following as a comma separated list. E.g. ","
# Leave this option empty to count all ports against CT_LIMIT
# Which ports to check; empty checks all ports. To protect SSH this can be left empty so that all ports are counted.
CT_PORTS = ""
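To see how these options interact before choosing values, the following added example (not part of the original post and not lfd's own code) approximates the per-IP counting described in the comments above on netstat-style lines. The sample rows, the limit of 4 and the function names are constructed for illustration, and applying the port filter to the server-side port is an assumption.

```python
from collections import Counter

def _rows(remote_ip, local_port, state, n):
    # Constructed netstat-style rows; all addresses are documentation ranges.
    return [f"tcp 0 0 203.0.113.10:{local_port} {remote_ip}:{40000 + i} {state}"
            for i in range(n)]

# Constructed sample in `netstat -ant` column order (not captured from a real host).
SAMPLE = "\n".join(
    ["tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN"]
    + _rows("198.51.100.7", 80, "ESTABLISHED", 2)
    + _rows("198.51.100.7", 80, "TIME_WAIT", 4)   # busy but ordinary web client
    + _rows("192.0.2.44", 443, "SYN_RECV", 5)     # half-open connections piling up
    + _rows("198.51.100.9", 22, "ESTABLISHED", 1)
)

def _csv(value):
    return {item.strip() for item in value.split(",") if item.strip()}

def count_connections(netstat_text, states="", ports="", skip_time_wait=False):
    """Per-remote-IP connection counts, filtered in the manner of
    CT_STATES, CT_PORTS and CT_SKIP_TIME_WAIT (empty string = no filter)."""
    want_states, want_ports = _csv(states), _csv(ports)
    counts = Counter()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 6 or not fields[0].startswith("tcp"):
            continue                      # header lines, UDP, blanks
        local, remote, state = fields[3], fields[4], fields[5]
        if state == "LISTEN" or (skip_time_wait and state == "TIME_WAIT"):
            continue
        if want_states and state not in want_states:
            continue
        # Assumption: the port filter applies to the server-side (local) port.
        if want_ports and local.rsplit(":", 1)[1] not in want_ports:
            continue
        counts[remote.rsplit(":", 1)[0]] += 1
    return counts

def over_limit(counts, limit):
    """IPs whose count is greater than the limit, as the CT_LIMIT comment describes."""
    return {ip: n for ip, n in counts.items() if n > limit}

if __name__ == "__main__":
    LIMIT = 4  # constructed value for this sample only, not a recommended setting
    print("all states:    ", over_limit(count_connections(SAMPLE), LIMIT))
    print("skip TIME_WAIT:", over_limit(count_connections(SAMPLE, skip_time_wait=True), LIMIT))
    print("SYN_RECV only: ", over_limit(count_connections(SAMPLE, states="SYN_RECV"), LIMIT))
```

With every state counted, the ordinary web client at 198.51.100.7 crosses the limit only because of its TIME_WAIT entries, which is the false positive the comments warn about; skipping TIME_WAIT or restricting the states leaves only the SYN_RECV source flagged.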
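After making the settings above, test them first. If everything works, switch to production mode; up to this point the firewall has only been running in testing mode.
# Change the default to .
TESTING = ""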
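Under /etc/csf/ there are two files, csf.allow and csf.deny.
csf.allow holds trusted IPs; add your own IP here so that you are not blocked by mistake.
csf.deny holds the IPs that have been blocked.
If you change anything, restart the csf service.
That covers this method of protecting a Linux server against attacks. Site owners often do not realize their site is under attack, so regular checks are well worth doing.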