
How to protect nodes / detect and block KVM VPS clients that TCP flood the network?

I use SolusVM VPS management system.

Recently one abuser took several VPSs and flooded the datacenter network. Luckily I found him manually, but I need an automatic solution.

I need something to set a PPS value of 15k packets per second and run a script under cron which checks every VPS's packets per second; if it matches or exceeds that value, it shuts off the VPS and emails me the date/time, vpsid and packet count. Does anyone have a similar script?

Blazer

1 Answer


Enable some logging of client traffic, for example iptables logging, count TCP connections from each client with fail2ban, and block the bad guys with iptables rules.

Another way, I think: you can use the connlimit module, which allows you to restrict the number of parallel TCP connections.
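
The per-VPS check the question asks for, as an added example (not code from the original post or from SolusVM): it samples `/proc/net/dev` twice and flags guest interfaces at or above 15k packets per second. The `kvm<vpsid>.<n>` interface naming, the `kvm<vpsid>` libvirt domain name, the `mail` command and the `admin@example.com` address are assumptions.

```shell
#!/bin/sh
# Added example. Assumptions: guest tap interfaces are named kvm<vpsid>.<n>,
# the libvirt domain is kvm<vpsid>, and a local `mail` command is configured.
PPS_LIMIT=15000                 # threshold from the question
INTERVAL=5                      # seconds between the two counter samples
ADMIN_EMAIL=admin@example.com   # placeholder address

# pps_offenders BEFORE AFTER SECONDS LIMIT
# BEFORE and AFTER are two copies of /proc/net/dev taken SECONDS apart.
# Prints "<iface> <pps>" for every guest interface at or above LIMIT.
pps_offenders() {
    awk -v secs="$3" -v limit="$4" '
        { sub(/:/, " ") }                  # some kernels print "iface:bytes"
        $1 !~ /^kvm[0-9]+\.[0-9]+$/ { next }
        # After the split: $3 = RX packets, $11 = TX packets.
        # Packets sent by the guest are counted as RX on the host-side tap.
        FNR == NR { rx[$1] = $3; tx[$1] = $11; next }
        ($1 in rx) {
            r = ($3 - rx[$1]) / secs
            t = ($11 - tx[$1]) / secs
            pps = (r > t) ? r : t
            if (pps >= limit) printf "%s %d\n", $1, pps
        }' "$1" "$2"
}

# Sample the counters, power off offenders, and mail date/time, vpsid and rate.
check_once() {
    before=$(mktemp); after=$(mktemp)
    cat /proc/net/dev > "$before"
    sleep "$INTERVAL"
    cat /proc/net/dev > "$after"
    pps_offenders "$before" "$after" "$INTERVAL" "$PPS_LIMIT" |
    while read -r iface pps; do
        dom=${iface%%.*}                   # kvm101.0 -> kvm101
        virsh destroy "$dom"               # hard power-off of the guest
        printf '%s vpsid=%s pps=%s\n' "$(date)" "$dom" "$pps" |
            mail -s "PPS limit exceeded: $dom" "$ADMIN_EMAIL"
    done
    rm -f "$before" "$after"
}

# Cron entry point: call the script with the argument "run".
if [ "${1:-}" = "run" ]; then check_once; fi
```

Called with `run` from a one-minute cron job on the node, it measures each guest for `INTERVAL` seconds per invocation; check the interface and domain names on your own node before letting it power anything off.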