Basically, I created this kernel configuration based on a post by JavaPipe. I've modified their recommended configuration to work with OpenVZ 6, a virtualization platform. If you use it, please give credit to "Jayson Fong" and "JavaPipe", thanks.

It's a kernel configuration that filters packets on the system itself. This can be used on a mitigation server or on the server you're running things on, and it'll filter out what it believes to be dangerous packets; however, it has limited capabilities.

Here ye go:

Statistics from tcpdump:

<1 second:
4 packets captured
414 packets received by filter
380 packets dropped by kernel

~3 seconds:
1307 packets captured
2440 packets received by filter
1103 packets dropped by kernel

<1 second, during an attack:
152 packets captured
173755 packets received by filter
173549 packets dropped by kernel

The "packets dropped by kernel" statistics are before the packets reach the firewall.
Allow me to rephrase it: a kernel configuration that filters packets on the system itself. This can be used on a mitigation server or on the server you're running things on, and it'll filter out what it believes to be dangerous packets; however, it has limited capabilities.
There we go. I looked over it, and it seems to be pretty legit. I have some criticism; in no way am I trying to trash your thread.

- How would it distinguish legitimate high load from a DDoS? From what I understand, this looks like a low-level version of rate limiting, except it's global. It's like rate limiting an API, except having a global rate limit for everyone's requests. Under a DDoS, how can it selectively respond to legit clients? If many packets are dropped, then wouldn't the denial of service still deny service? That means that the config just protects the server under a DDoS, which is important, of course.
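The reply's point about a global rate limit versus selectively serving legit clients, as an added toy model that is not part of this thread and is not the poster's kernel configuration (which is not reproduced above). It assumes the limiter is a token bucket (the usual shape of per-packet rate limits; an assumption, not a claim about the posted config) and uses constructed traffic: five real clients at 10 packets/s plus a flood. A global limit drops legit packets alongside the flood, here every one of them, because the flood drains each refill before a client packet arrives. A per-source limit keeps the clients flowing against a few loud sources, but passes a distributed flood untouched when every source stays under its individual limit, which is the caveat a practitioner should keep in mind.

```python
"""Toy model: global vs per-source packet rate limiting under a flood.
Added example for this thread; not the poster's kernel configuration.
All traffic below is constructed, not captured."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    t_ms: int     # arrival time within a 1-second window, in milliseconds
    src: str      # source address label
    legit: bool   # constructed ground truth; the limiter never sees this


def make_traffic(n_legit=5, legit_pps=10, n_attack=500, attack_pps=40):
    """Constructed 1-second mix: a few real clients plus n_attack flood
    sources, each sending at a fixed, evenly spaced rate."""
    pkts = []
    for i in range(n_legit):
        for k in range(legit_pps):
            pkts.append(Packet(k * 1000 // legit_pps, f"client{i}", True))
    for i in range(n_attack):
        for k in range(attack_pps):
            pkts.append(Packet(k * 1000 // attack_pps, f"bot{i}", False))
    # Order by arrival; ties broken by source label so "bot*" sorts ahead
    # of "client*" and the real clients get no accidental head start.
    pkts.sort(key=lambda p: (p.t_ms, p.src))
    return pkts


class TokenBucket:
    """Classic token bucket: `rate_pps` tokens per second, at most `burst`
    stored. A packet is admitted only if a whole token is available."""

    def __init__(self, rate_pps, burst):
        self.rate = rate_pps
        self.burst = burst
        self.tokens = float(burst)
        self.last_ms = 0

    def allow(self, t_ms):
        refill = (t_ms - self.last_ms) * self.rate / 1000.0
        self.tokens = min(self.burst, self.tokens + refill)
        self.last_ms = t_ms
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


def run_global(pkts, rate_pps, burst):
    """One bucket shared by everyone: the 'global' limit in the reply."""
    bucket = TokenBucket(rate_pps, burst)
    return [p for p in pkts if bucket.allow(p.t_ms)]


def run_per_source(pkts, rate_pps, burst):
    """One bucket per source address (the shape of a per-IP hash limit)."""
    buckets = defaultdict(lambda: TokenBucket(rate_pps, burst))
    return [p for p in pkts if buckets[p.src].allow(p.t_ms)]


def admitted_fraction(admitted, all_pkts, legit):
    """Share of legit (or attack) packets that got through the limiter."""
    total = sum(1 for p in all_pkts if p.legit == legit)
    got = sum(1 for p in admitted if p.legit == legit)
    return got / total if total else 0.0


def evaluate(n_attack, attack_pps, global_pps=2000, global_burst=200,
             per_src_pps=50, per_src_burst=10):
    """Run both limiters over the same constructed second of traffic and
    report what fraction of legit and attack packets each admits."""
    pkts = make_traffic(n_attack=n_attack, attack_pps=attack_pps)
    results = {}
    for name, admitted in (
        ("global", run_global(pkts, global_pps, global_burst)),
        ("per_source", run_per_source(pkts, per_src_pps, per_src_burst)),
    ):
        results[name] = {
            "legit": admitted_fraction(admitted, pkts, True),
            "attack": admitted_fraction(admitted, pkts, False),
            "admitted_pps": len(admitted),
        }
    return results


if __name__ == "__main__":
    # 500 sources at 40 pps each (20,000 pps), every source under the per-IP limit
    print("distributed flood:", evaluate(n_attack=500, attack_pps=40))
    # 50 sources at 400 pps each (same total), every source far over the per-IP limit
    print("few loud sources:", evaluate(n_attack=50, attack_pps=400))
```

Running it shows the two failure modes side by side: under the global 2000 pps limit the distributed flood consumes every token before any client packet arrives, so the server survives but the clients get nothing, which is exactly the denial the reply describes. Per-source limiting restores the clients in both scenarios, yet in the distributed case it admits 100% of the flood as well, so the server still sees the full 20,000 pps; only the "few loud sources" case is actually cut down. The limits and rates are illustrative assumptions, not values from the posted configuration.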