Portflood Rule

You need to login to server as root and open csf file & add below rule.

——
PORTFLOOD = “26;tcp;20;300”
——

This rule blocks IPs that connect to port 26 via TCP more than 20 times within 300 seconds for 300 seconds. Most of the packets are to port 26, so this should stop the attack. If you need to add rules like this they are located in /etc/csf/csf.conf and the fields are as follows:

——–
port;protocol;numberofhits;backofftime
——–

Back off time is in seconds and marks the initial time interval the connections occur during and the time the IP will remained blocked after sending it’s last packet to the port.

 

Both comments and pings are currently closed.

Comments are closed.