{"id":207,"date":"2009-11-25T15:40:39","date_gmt":"2009-11-25T15:40:39","guid":{"rendered":"http:\/\/newblog.mix1009.net\/?p=207"},"modified":"2009-11-25T15:40:39","modified_gmt":"2009-11-25T15:40:39","slug":"linux-iptables-ddos","status":"publish","type":"post","link":"https:\/\/mix1009.net\/?p=207","title":{"rendered":"Linux Firewall iptables &#038; DDoS Defense?"},"content":{"rendered":"<p>While using PF to block DDoS attacks to some extent, I became curious whether the same is possible with iptables. I could not find a way to completely block attacking IPs as easily as with PF, but there is a way to limit the number of connections per IP per unit of time.<\/p>\n<\/p>\n<div style=\"padding: 10px; background-color: rgb(201, 237, 255);\">iptables -N SSHSCAN<br \/>\niptables -A INPUT -p tcp --dport 22 -m state --state NEW -j SSHSCAN<br \/>\niptables -A SSHSCAN -m recent --set --name SSH<br \/>\niptables -A SSHSCAN -m recent --update --seconds 300 --hitcount 3 --name SSH -j DROP<\/div>\n<p>If 3 or more TCP connections arrive on port 22 from the same IP within 5 minutes, further connections are blocked. In other words, only 3 connections are allowed per 5 minutes. 
This should stop SSH brute-force attempts, but it seems insufficient as a technique for blocking DDoS attacks.<\/p>\n<p>The article <a href=\"http:\/\/www.ducea.com\/2006\/06\/28\/using-iptables-to-block-brute-force-attacks\/\" target=\"_blank\">using-iptables-to-block-brute-force-attacks<\/a> has a detailed explanation and also shows how to log the attacking IPs. By analyzing those logs and registering iptables rules, it looks like the attacking IPs could be blocked. Still, I am wondering whether there is an easier way than this.<\/p>\n<p>There is also a tool called <a href=\"http:\/\/www.fail2ban.org\/wiki\/index.php\/Main_Page\" target=\"_blank\">fail2ban<\/a> that monitors login failures in various log files and blocks the attacks. See <a href=\"http:\/\/www.ducea.com\/2006\/07\/03\/using-fail2ban-to-block-brute-force-attacks\/\" target=\"_blank\">here<\/a> for an explanation. 
It is not meant for DDoS defense either, but its approach of registering IPs in the firewall through log analysis could probably be adapted.<br \/><font size=\"2\"><br \/>I recently started reading the book <\/font><a href=\"http:\/\/www.amazon.com\/gp\/product\/1593271417\/ref=s9_simz_gw_s3_p14_t1?pf_rd_m=ATVPDKIKX0DER&amp;pf_rd_s=center-2&amp;pf_rd_r=0PEKRBPKQ2N1PSRYKEXS&amp;pf_rd_t=101&amp;pf_rd_p=470938631&amp;pf_rd_i=507846\" target=\"_blank\"><font size=\"2\"><span id=\"btAsinTitle\">Linux Firewalls: Attack Detection and Response with iptables, psad, and fwsnort<\/span><\/font><\/a><font size=\"2\"><span id=\"btAsinTitle\">, and I will post again if I find a better defense method.<br \/><\/span><\/font><\/p>\n","protected":false},"excerpt":{"rendered":"<p>While using PF to block DDoS attacks to some extent, I became curious whether the same is possible with iptables. I could not find a way to completely block attacking IPs as easily as with PF, but there is a way to limit the number of connections per IP per unit of time. 
iptables -N SSHSCAN iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j SSHSCAN iptables -A SSHSCAN -m recent --set --name SSH iptables -A SSHSCAN -m recent --update --seconds [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[17],"tags":[207,209,210],"_links":{"self":[{"href":"https:\/\/mix1009.net\/index.php?rest_route=\/wp\/v2\/posts\/207"}],"collection":[{"href":"https:\/\/mix1009.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mix1009.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mix1009.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mix1009.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=207"}],"version-history":[{"count":0,"href":"https:\/\/mix1009.net\/index.php?rest_route=\/wp\/v2\/posts\/207\/revisions"}],"wp:attachment":[{"href":"https:\/\/mix1009.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=207"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mix1009.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=207"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mix1009.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=207"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}