After last night's DDoS attack at the HE datacenter, I'm a bit curious about what I should install on my linode to protect against such an attack. I've been reading up on the packet flow rate options in iptables, but I wondered if anyone could recommend a really good tutorial/HOWTO/example of what an ideal iptables firewall setup to defend against DDoS would be. A lot of the documentation is very abstract--detailing every possible option you could implement with the software. Something that broke it down down more concretely for those of us that are learning about it would be ideal.

I've already got an iptablesrocks.org setup in place (that *seems* to be working nicely), but I need to pay attention to the DDoS side of things for those ports that are open...

Thanks in advance for your help!
j.

DoS attacks that don't fill our bandwidth capacity (at the switch) only render the Linode and the host that Linode is on inaccessible. A few things had to happen to affect everyone like it did last night. It has more to do with the networking hardware than your configuration. DoS attacks are best handled either on my end or upstream.

Of course, what you can do is not attrack DoS attacks in the first place, which I doubt you would

-Chris

Caker were these attacks coming from the linode or going to it. If they were coming from is there any way to check if they are coming from ours. I love my linode and dont want to a part of that parade.

It was going TO a Linode (not yours). If it was coming FROM, that would be a clearer case of abuse.

-Chris

You could always install some additional apache modules to help - mod_dosevasive, mod_throttle, and mod_security. A few searches on WHT throws up some good info regarding these modules.

They are not a perfect solution, but may help somewhat against attacks.