Dec 17th, 2018
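  ##### Begin DoS Prevention #####
  # Applies IPv4 hardening and tuning values by writing to /proc/sys.
  # Run as root. The writes are runtime-only and are lost on reboot, so
  # re-run this from a startup script or mirror the values in sysctl.conf.
  # Nothing here covers IPv6 or packet filtering.
  # Some VPS/container hosts expose /proc/sys read-only or omit entries;
  # set_proc reports those on stderr and carries on with the rest.

  # Interfaces the per-interface settings apply to. These names were
  # hard-coded throughout the original listing; adjust them to the real
  # devices, otherwise the per-interface writes are skipped.
  hardened_if=eth0
  rpf_if=eth1

  # set_proc VALUE ENTRY
  # Write VALUE to the /proc/sys ENTRY. A missing or read-only entry is
  # reported on stderr and skipped. Always returns 0 so that one
  # unsupported knob does not stop the remaining settings.
  set_proc() {
    if [ ! -w "$2" ]; then
      printf 'skip: %s is missing or not writable\n' "$2" >&2
      return 0
    fi
    if ! printf '%s\n' "$1" > "$2"; then
      printf 'warn: could not write "%s" to %s\n' "$1" "$2" >&2
    fi
    return 0
  }

  # --- Forwarding ---
  # NOTE(review): this makes the host route packets between interfaces.
  # It is a gateway setting (the listing mentions DD-WRT), not a DoS
  # control; leave it out on an end host.
  # Kernel documentation states that changing ip_forward resets
  # configuration parameters to their defaults, so it stays ahead of the
  # conf/* writes below.
  set_proc 1 /proc/sys/net/ipv4/ip_forward

  # --- ICMP ---
  # Ignore every echo request. This also blinds ping-based monitoring.
  set_proc 1 /proc/sys/net/ipv4/icmp_echo_ignore_all
  set_proc 1 /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
  set_proc 1 /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
  # NOTE(review): on current kernels icmp_ratelimit is the minimum gap in
  # milliseconds between rate-limited ICMP replies and defaults to 1000,
  # so 5 allows more replies than the default. Confirm this is intended.
  set_proc 5 /proc/sys/net/ipv4/icmp_ratelimit

  # --- IP fragment reassembly ---
  # Memory bounds for reassembly and the lifetime of a pending fragment.
  # The author rejected 1024/512 as too low to be usable (broke eMule).
  # NOTE(review): recent kernels ship a much larger ipfrag_high_thresh;
  # check that 64000 still suits the traffic this host carries.
  set_proc 64000 /proc/sys/net/ipv4/ipfrag_high_thresh
  set_proc 48000 /proc/sys/net/ipv4/ipfrag_low_thresh
  set_proc 10 /proc/sys/net/ipv4/ipfrag_time

  # --- Source routing, redirects, spoofing (per interface) ---
  # Source-routed packets are refused on the interface and globally.
  set_proc 0 "/proc/sys/net/ipv4/conf/$hardened_if/accept_source_route"
  set_proc 0 /proc/sys/net/ipv4/conf/all/accept_source_route
  # With forwarding enabled, a 0 on the interface is enough to stop it
  # accepting ICMP redirects.
  set_proc 0 "/proc/sys/net/ipv4/conf/$hardened_if/accept_redirects"
  # send_redirects is effective if EITHER conf/all or the interface value
  # is 1, so the interface write alone leaves redirects on while conf/all
  # keeps its default. Clearing conf/all makes the interface value count;
  # other interfaces still follow their own per-interface setting.
  set_proc 0 /proc/sys/net/ipv4/conf/all/send_redirects
  set_proc 0 "/proc/sys/net/ipv4/conf/$hardened_if/send_redirects"
  # NOTE(review): secure_redirects is likewise OR-ed with conf/all; it only
  # matters where redirects are accepted at all, which they are not here.
  set_proc 0 "/proc/sys/net/ipv4/conf/$hardened_if/secure_redirects"
  # Presumably caps the redirects sent per destination at zero - verify.
  set_proc 0 /proc/sys/net/ipv4/route/redirect_number
  # Log packets with impossible source addresses.
  set_proc 1 "/proc/sys/net/ipv4/conf/$hardened_if/log_martians"
  set_proc 0 "/proc/sys/net/ipv4/conf/$hardened_if/proxy_arp"
  # Strict reverse-path filtering against spoofed source addresses.
  # NOTE(review): strict mode drops legitimate traffic under asymmetric
  # routing; confirm the topology before relying on it.
  set_proc 1 /proc/sys/net/ipv4/conf/all/rp_filter
  set_proc 1 "/proc/sys/net/ipv4/conf/$rpf_if/rp_filter"

  # --- ARP / neighbour cache ---
  set_proc 10 "/proc/sys/net/ipv4/neigh/$hardened_if/locktime"
  set_proc 50 "/proc/sys/net/ipv4/neigh/$hardened_if/gc_stale_time"

  # --- IGMP ---
  # Lower caps on multicast group memberships and source filters.
  set_proc 5 /proc/sys/net/ipv4/igmp_max_memberships
  set_proc 2 /proc/sys/net/ipv4/igmp_max_msf

  # --- TCP: SYN flood and connection-exhaustion handling ---
  set_proc 1 /proc/sys/net/ipv4/tcp_syncookies
  set_proc 2048 /proc/sys/net/ipv4/tcp_max_syn_backlog
  set_proc 2 /proc/sys/net/ipv4/tcp_syn_retries
  set_proc 2 /proc/sys/net/ipv4/tcp_synack_retries
  # NOTE(review): resets connections when a listener's accept queue is
  # full. Kernel documentation advises against enabling this unless the
  # listening daemon cannot be tuned, because it harms real clients.
  set_proc 1 /proc/sys/net/ipv4/tcp_abort_on_overflow
  # NOTE(review): kernel documentation discourages lowering this limit;
  # a small value lets a burst of closing connections hit the cap sooner.
  set_proc 1024 /proc/sys/net/ipv4/tcp_max_orphans
  set_proc 10 /proc/sys/net/ipv4/tcp_fin_timeout
  set_proc 1800 /proc/sys/net/ipv4/tcp_keepalive_time

  # --- TCP: options switched off ---
  # NOTE(review): these cost throughput on high-latency or lossy paths.
  # Without window scaling the advertised window cannot exceed 64 KiB,
  # so the 4 MiB tcp_rmem maximum below cannot be used for it.
  set_proc 0 /proc/sys/net/ipv4/tcp_window_scaling
  set_proc 0 /proc/sys/net/ipv4/tcp_sack
  set_proc 0 /proc/sys/net/ipv4/tcp_timestamps

  # --- TCP: socket buffers and ECN ---
  # min / default / max buffer sizes in bytes. The original comment
  # described these as masking the OS fingerprint; they are buffer sizes.
  set_proc "4096 87380 4194304" /proc/sys/net/ipv4/tcp_rmem
  set_proc "4096 87380 4194304" /proc/sys/net/ipv4/tcp_wmem
  # Explicit congestion notification.
  set_proc 1 /proc/sys/net/ipv4/tcp_ecn

  # --- Miscellaneous IP ---
  # Non-default initial TTL for locally generated packets.
  set_proc 61 /proc/sys/net/ipv4/ip_default_ttl
  # Port range for outgoing connections.
  set_proc "1025 60000" /proc/sys/net/ipv4/ip_local_port_range
  # Connection-tracking table size (path chosen by the author for DD-WRT;
  # newer kernels expose it as net.netfilter.nf_conntrack_max instead).
  # NOTE(review): a full table makes the kernel drop new connections, so
  # 4096 entries can itself become the bottleneck on a busy gateway.
  set_proc 4096 /proc/sys/net/ipv4/ip_conntrack_max

  # --- File handle limits ---
  # These raise open-file limits; they do not limit process creation.
  set_proc 64000 /proc/sys/fs/file-max
  # Applies to this shell and what it starts afterwards, so it only helps
  # when this file is sourced or goes on to launch the services itself.
  ulimit -n 64000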