Linux - Rate limit ICMP to prevent DDoS
This guide shows how to rate limit ICMP with tc on a Linux router to blunt distributed denial of service attacks. DDoS attacks have become a major nuisance on the Internet; by properly filtering and rate limiting your network you can avoid becoming either a casualty or a contributor to such attacks.
First, filter your network so that packets with non-local (spoofed) source addresses cannot leave it. This stops people on your network from anonymously sending junk to the Internet, and is the part of the setup that protects everyone else. The rate limiting below then protects your own side of the router.
The layout assumed here:
[The Internet] ---- [Linux router] ---- [Office+ISP]
                  eth1            eth0
Start with the prerequisite parts: a root cbq qdisc on eth0 and a parent class that may use the full link rate. Note that a tc qdisc shapes traffic leaving the named interface, so with eth0 facing the office side these rules limit ICMP forwarded toward the office, not ICMP heading out to the Internet.
# tc qdisc add dev eth0 root handle 10: cbq bandwidth 10Mbit avpkt 1000
# tc class add dev eth0 parent 10:0 classid 10:1 cbq bandwidth 10Mbit rate \
  10Mbit allot 1514 prio 5 maxburst 20 avpkt 1000
If you have 100Mbit or faster interfaces, adjust these numbers accordingly. Next, decide how much ICMP traffic you want to allow. You can measure the current level with tcpdump: let it write to a file for a while, then count how many ICMP bytes crossed your network in that window and convert to a bit rate.
Then create a bounded class for ICMP under the parent class:
# tc class add dev eth0 parent 10:1 classid 10:100 cbq bandwidth 10Mbit rate \
  100Kbit allot 1514 weight 800Kbit prio 5 maxburst 20 avpkt 250 \
  bounded
The bounded keyword means this class limits at 100Kbit and may not borrow bandwidth from its parent. Finally, add a u32 filter that sends ICMP (IP protocol number 1) to this class:
# tc filter add dev eth0 parent 10:0 protocol ip prio 100 u32 match ip \
  protocol 1 0xFF flowid 10:100
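The steps above, collected into one script as an added example (this is not code from the original guide or from the LARTC project). It wraps the guide's four tc commands in a function so the interface, link bandwidth and ICMP rate can be changed in one place, adds a helper that turns a tcpdump byte count into a kbit/s class rate, and offers an htb variant for kernels where the cbq qdisc has been retired. The names icmp_rate_kbit, tc_icmp_limit_cmds, tc_icmp_limit_cmds_htb, apply_icmp_limit and the DRY_RUN variable are this example's own; the cbq parameters are exactly the guide's values.

```shell
#!/bin/sh
# Added example: rate limit ICMP on a Linux router with tc.
# Assumptions (not from the original guide): interface, link bandwidth and
# ICMP rate are passed as arguments; DRY_RUN=1 prints commands instead of
# running them, so the script can be reviewed without root.
set -e

# Convert a measured ICMP byte count over a capture window (e.g. from a
# tcpdump -w file) into a whole kbit/s figure, rounding up.
# Usage: icmp_rate_kbit <bytes> <seconds>
icmp_rate_kbit() {
    bytes=$1; secs=$2
    echo $(( (bytes * 8 + secs * 1000 - 1) / (secs * 1000) ))
}

# Emit the guide's recipe: root cbq qdisc, full-rate parent class, a bounded
# ICMP class, and a u32 filter matching IP protocol 1 (ICMP) into it.
# Usage: tc_icmp_limit_cmds <dev> <link-bandwidth> <icmp-rate>
tc_icmp_limit_cmds() {
    dev=$1; link=$2; icmp=$3
    cat <<EOF
tc qdisc add dev $dev root handle 10: cbq bandwidth $link avpkt 1000
tc class add dev $dev parent 10:0 classid 10:1 cbq bandwidth $link rate $link allot 1514 prio 5 maxburst 20 avpkt 1000
tc class add dev $dev parent 10:1 classid 10:100 cbq bandwidth $link rate $icmp allot 1514 weight 800Kbit prio 5 maxburst 20 avpkt 250 bounded
tc filter add dev $dev parent 10:0 protocol ip prio 100 u32 match ip protocol 1 0xFF flowid 10:100
EOF
}

# Same policy expressed with htb (cbq was retired from the mainline kernel
# in 2023). rate == ceil makes the ICMP class bounded like the cbq version;
# "default 1" sends everything that matches no filter to the parent class.
tc_icmp_limit_cmds_htb() {
    dev=$1; link=$2; icmp=$3
    cat <<EOF
tc qdisc add dev $dev root handle 10: htb default 1
tc class add dev $dev parent 10: classid 10:1 htb rate $link ceil $link
tc class add dev $dev parent 10:1 classid 10:100 htb rate $icmp ceil $icmp
tc filter add dev $dev parent 10: protocol ip prio 100 u32 match ip protocol 1 0xff flowid 10:100
EOF
}

# Apply the chosen variant (or print it with DRY_RUN=1). Any existing root
# qdisc is removed first so re-running the script does not fail on "exists".
# Usage: apply_icmp_limit <dev> <link-bandwidth> <icmp-rate> [cbq|htb]
apply_icmp_limit() {
    dev=$1; link=$2; icmp=$3; variant=${4:-cbq}
    if [ "${DRY_RUN:-0}" = 1 ]; then run=echo; else run=; fi
    $run tc qdisc del dev "$dev" root 2>/dev/null || true
    if [ "$variant" = htb ]; then gen=tc_icmp_limit_cmds_htb; else gen=tc_icmp_limit_cmds; fi
    $gen "$dev" "$link" "$icmp" | while IFS= read -r cmd; do
        if [ "${DRY_RUN:-0}" = 1 ]; then echo "$cmd"; else $cmd; fi
    done
    # Verify: the ICMP class should show a bounded rate and growing byte
    # counters once pings cross the router, and the filter should point at it.
    $run tc -s class show dev "$dev"
    $run tc filter show dev "$dev"
}

# Example: DRY_RUN=1 sh rate-limit-icmp.sh eth0 10Mbit 100Kbit htb
if [ "$#" -ge 3 ]; then
    apply_icmp_limit "$@"
fi
```

Run it first with DRY_RUN=1 to review the generated commands, then as root without it. If you measured, say, 1500000 ICMP bytes in a 60 second capture, icmp_rate_kbit 1500000 60 gives 200, so a class rate of 200Kbit would carry the current load with no headroom; pick a figure above your measured baseline but well below the link rate.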
With these rules in place, ICMP forwarded out of eth0 is capped at 100Kbit while all other traffic keeps the full link rate, which is what keeps a ping flood from saturating the office side of the router.