• Limiting Connections Using IPTables

    Just recently I have been experiencing a DoS-like attack on one of my systems. The system has been receiving a very large number of requests from a single IP, say, 6000+ requests from a single client every 1 to 2 minutes. This was the culprit of a system crash for over a day.

    [image: client request flood]

    I have implemented several options for blocking this. One strategy is to add the IP address to the deny list in .htaccess.

    [image: memory free after blocking with .htaccess]

    But what if it is just an uncontrolled influx of requests that are also relevant to us, and we just want to limit it? I tried another approach, which is to create a built-in limiter in PHP: add a new table in the database that tracks how many requests the client has already sent, and reject all succeeding requests once the limit has been reached. This strategy did not solve the problem; every request still has to reach PHP before it is rejected, so it still added to the hogging of server resources.

    The last strategy I tried was IPTables. IPTables lets you use the operating system's firewall, in my case Linux's. I added a restriction on the client's IP address that limits it to a few concurrent connections (the rule counts open TCP connections, not HTTP requests); before this, the client was opening around 100+ connections at a time, and the number kept increasing.

    This is how I did it:
    Execute this command via ssh (as root):
    [cc lang="dos" tab_size="2" lines="-1"]
    iptables -A INPUT -p tcp --syn --dport 80 -m connlimit --connlimit-above 9 -j REJECT -s "127.0.0.1"
    [/cc]
    where: 127.0.0.1 is the IP address of the client that you need to limit (put the real client address here)
    where: 80 is the port that you need to limit (here, HTTP)
    where: --connlimit-above x sets the limit (x is the number of connections you want to allow; once the client already has more than x connections open, each further new connection, i.e. each --syn packet, is rejected)

    You may also list all of IPTables' current rules using this command:
    [cc lang="dos" tab_size="2" lines="-1"]
    iptables -L
    [/cc]

    And then finally, you may also flush all current rules of IPTables (this removes every rule in the table, including the limit added above) using this command:
    [cc lang="dos" tab_size="2" lines="-1"]
    iptables -F
    [/cc]
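    As an added example (my own sh script, not the original post's), the following wraps the connlimit rule above so that the client address, port and limit are validated before the rule is built, and the rule is inserted only if an identical one is not already present. It assumes iptables is installed and the script runs as root; 192.0.2.10 is a constructed placeholder address.

```sh
#!/bin/sh
# Added example, not the original post's script: wrap the connlimit rule so
# that inputs are validated and the rule is applied only once.
# Assumes iptables is installed and the script runs as root; 192.0.2.10 is a
# constructed placeholder address, not a real client.

# Build the rule arguments (everything after the iptables verb) for one client.
connlimit_rule() {
  printf 'INPUT -p tcp --syn --dport %s -m connlimit --connlimit-above %s -j REJECT -s %s' "$2" "$3" "$1"
}

# Accept only dotted-quad IPv4 addresses with every octet in 0..255.
valid_ipv4() {
  echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
  for octet in $(echo "$1" | tr '.' ' '); do
    [ "$octet" -le 255 ] || return 1
  done
}

# Port and limit must be positive integers.
valid_num() {
  echo "$1" | grep -Eq '^[1-9][0-9]*$'
}

# apply_limit IP PORT LIMIT
# Inserts the rule at the top of INPUT (-I) instead of appending (-A), so an
# earlier "accept everything on port 80" rule cannot shadow it. "iptables -C"
# returns 0 when an identical rule already exists, which avoids duplicates on
# re-runs. With DRY_RUN=1 the command is printed instead of executed.
# Returns 2 on invalid input. The rule is not persistent across reboots.
apply_limit() {
  valid_ipv4 "$1" && valid_num "$2" && valid_num "$3" || return 2
  rule=$(connlimit_rule "$1" "$2" "$3")
  if [ "${DRY_RUN:-0}" = 1 ]; then
    echo "iptables -C $rule || iptables -I $rule"
    return 0
  fi
  iptables -C $rule 2>/dev/null || iptables -I $rule
}

# Example: allow 9 concurrent connections from the placeholder client and
# reject the 10th and later ones (printed only, because DRY_RUN=1).
DRY_RUN=1 apply_limit 192.0.2.10 80 9
```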

    I learned about IPTables when I was searching for a way to limit client / host connections to my servers.

    Check any of these links for more information on setting up IPTables:
    http://www.linuxhelp.in/2011/04/how-to-limit-connections-from-one-ip.html
    http://www.cyberciti.biz/faq/iptables-connection-limits-howto
    http://www.thegeekstuff.com/2011/01/iptables-fundamentals
    http://www.thegeekstuff.com/2010/07/list-and-flush-iptables-rules
    http://www.thegeekstuff.com/2011/01/redhat-iptables-flush


  • The First Medal

    I’ve heard a lot of sayings like ‘prevention is better than cure’ or ‘live long, start walking’. Until then I just kept ignoring statements and advice from people who urged me to get out of my seat and start doing some activities that would help provide a better lifestyle.

    While it is true that I don’t drink nor do I smoke, the point is, like other people who enjoy being solitary and keep still most of the time, I gain weight and eat like there’s no tomorrow.

    Lately, I’ve been thinking – The outdoors is quite fun! So I decided to take a walk, and before I knew it I started jogging. Quite the initiative you might say, but it is the environment that took me away from my seat.

    I decided to join a race recommended by a friend. He told me that, unlike the mountainous region where we live, the road there is flat and easier to route. I joined the 21k or 21-kilometer category, a half-marathon run. Look what I got!

    I’ve never been into any sport in my life, so I’m pretty useless when it comes to physical activities. I only slack around and keep still until I find something worthwhile to do, that is, if I’m not in front of the computer working or playing.

    I managed to get out of my seat and start running. It’s fun! It perhaps gives me a reason to find more meaning in life – not so sure about this, but I’m willing to find out!


  • 4-day Escapade

    Granted a 4-day long-weekend, I decided to go and visit my bro at Binmaley, Pangasinan. Look at the shots that I got!

    All work and no play? Well, just don’t forget to stretch your legs once in a while.