Created
September 22, 2017 15:40
-
-
Save droberson/c9f7c81209c8ff25ba4556c5809b50bb to your computer and use it in GitHub Desktop.
iptables throttling
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| This will start logging and block hosts that connect to a host quicker than 10 times in 30 seconds. This severely slows down Nmap scans against you and provides a heads up that you're being scanned by a port scanner or something like dirbuster/sqlmap/hydra that make a lot of connections in rapid succession: | |
| iptables -N LOGGING | |
| iptables -A INPUT -j LOGGING | |
| iptables -A FORWARD -j LOGGING | |
| iptables -A LOGGING -p tcp -i eth0 -m state --state NEW -m recent --set | |
| iptables -A LOGGING -p tcp -i eth0 -m state --state NEW -m recent --update --seconds 30 --hitcount 10 -j LOG --log-prefix "portscan: " --log-level 4 | |
| iptables -A LOGGING -j DROP | |
| # NOTE: Depending on the host's role, this may need to be tuned! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment