Competitor Comparison












Shopping Cart

Sales.2016 @ NetworkNightmare

Sales.2016 @


BSD Distributions


Sales @

Linux is a registered trademark of
Linus Torvalds

More Linux Legalese

  • 4 Simple Steps for DDoS Mitigation

    • Assumptions =
    • Capture all incoming and outgoing packets on the network
      • /usr/local/gigEnn/bin/

    • Automatically determine port being used for each connection
      • /usr/local/gigEnn/bin/iptables-gui -data

    • Automatically TARPIT incoming DDoS attacks using IPtables
      • /usr/local/gigEnn/bin/iptables-gui -add
      • You must auto-magically resolve the cause of your Bandwidth usage and/or DDoS problem
      • you could be getting millions of packets per second
      • you could be attacked from thousands of source address

    • Periodically View the Network Performance
      • /usr/local/gigEnn/bin/iptables-gui -load
          -- or --
      • firefox http://localhost/cgi-bin/

  • "DDoS Attackers on the Internet" === you CANNOT Stop-Block-Prevent-Restrict-Limit the incoming DDoS Attacks

  • DDoS Attackers

    DDoS Attackers

    DDoS Attackers

    IPtables BlackList

    • IPtables-GUI uses the output of

      • Hourly/Daily Text Based Incoming traffic data from
        • Hourly text data == /home/apache/html/Stats/Year/Month/Date/Hour/IN.*.txt
        • Minute text data == /home/apache/html/Stats/Year/Month/Date/Hour/MM/IN.*.txt

      • iptables needs to know what/which incoming or outgoing traffic to block

    • IPtables-GUI requires IPtables with TARPIT support for better DDoS protection performance

    • IPtables-GUI definition for DDoS attackers
      • Mail Servers allow connections to port 25 -- ALL other connection attempts are DDoS attackers
      • DNS Servers allow connections to port 53 -- ALL other connection attempts are DDoS attackers
      • Web Servers allow connections to port 80 -- ALL other connection attempts are DDoS attackers
      • -- etc --

      • TCP-based DDoS attacks should be TARPIT'd which force them to pay a penalty to attack the servers
        • dropping, or reject or logging the connection does NOT solve the DDoS problem

      • ARP-based and ICMP-based and UDP-based DDoS attacks are trickier to mitigate

    • IPtables-GUI will only ADD or DELETE to the IPtables BlackList ddos attacker chain
      • next generation version will automatically expire the DDoS attacker

    • IPtables-GUI can manually or automatically ADD the "bandwidth hog" into the iptables BlackList
      • bandwidth hogs and DDoS attackers can be added/tarpit'd per minute ( lots of data )
      • bandwidth hogs and DDoS attackers can be added/tarpit'd per hour
      • bandwidth hogs and DDoS attackers can be added/tarpit'd per day
        • daily updates might be too late .. DDoS attacks usually lasts a few hours
        • low volume (under the radar) attacks are continuous for weeks in duration

    • IPtables-GUI can manually or automatically DELETE un-used rules older than 7 days
      • iptables rules with zero count value
      • iptables rules that hasn't matched in the past 30 days ( "aged" inactive rules )
      • you'd want to minimize the number of iptable rules

    • IPtables-GUI can be run in apache/cgi-bin or from the command line, cron or scripts

    • IPtables-GUI is supported on CentOS-7.2, Debian-Testing, Slackware-14.1, SuSE-TumbleWeed

    • Software Only == Your Linux Server must satisft these System Requirements
    • Order Appliance == IPtables + TARPIT == defend against DDoS attacks
      • $ 5,999 DDoS-OC3e 155Mbit/sec appliance == mini-ITX
      • $ 7,499 DDoS-OC3x 622Mbit/sec gigE appliance == mini-ITX
      • $ 8,999 DDoS-OC12 622Mbit/sec gigE appliance == 1U rackmount
      • $ 11,999 DDoS-OC48 2488Mbit/sec 10gigE appliance == 1U rackmount
      • $ 14,999 DDoS-OC192 9,952Mbit/sec 10gigE -- 100 gigE appliance == 1U rackmount
      • $ 19,999 DDoS-OC768 39,808Mbit/sec 40gigE -- 100 gigE appliance == 1U rackmount
      • $ email DDoS-OC3072 159,232Mbit/sec 160gigE - 400gigE Appliance == 4x40gigE or 4x100gigE

    • Order Appliance == simulate DDoS attackers
      • can be either Linux-based or FreeBSD based
      • included with Linux-based appliances

    • Please Email us for any pre-sales support questions you may have

  • IPtables-GUI (in)Security

    • IPtables-GUI command-line users should follow the normal root security procedures

    • IPtables-GUI aka HTML-based admin of iptables rules requires additional tasks/restrictions
      • IPtables-GUI should be run by user with sudo priviledges
        • you will need to setup apache to be able to run sudo iptables ..
      • IPtables-GUI should be password protected

      • IPtables-GUI should keep a copy of changes ( transaction logs ) as it runs

      • these rules apply to any gui-based management of iptables

    IPtables-GUI Bandwith Hogs == TCPdump Data Capture Mode


    • iptables-gui -tcpdump # capture incoming and outgoing packets

    • iptables-gui -data # convert SrcIP to DestIP into gnuplot/xplot data

    • iptables-gui -graph # convert SrcIP to DestIP into gnuplot bar graphs
    • Bandwidth Data - Graphs

    • Bandwidth Data - Text

    • IPtables-GUI Defending Against Incoming DDoS Attacks

      • Still under development ... not all features available

      • .. semi-live Demo

      • manually or Automagically Tarpit Incoming DDoS attackers per minute or per day
      • manually or Automagically Remove old Incoming DDoS attackers over last 7 days

      • http://localhost/cgi-bin/

      • iptables-gui -check # check your basic IPtable rule set for "missing rules"

      • iptables-gui -create # create example DDoS firewall

      • iptables-gui -view # show list of IPtable rules

      • iptables-gui -add # manually tarpit the incoming bandwidth hogs
      • iptables-gui -auto # automatically tarpit the incoming bandwidth hogs

      • iptables-gui -del 7 # delete iptable rules with zero counter value in last 7-days
      • iptables-gui -age 21 # delete iptable rules with no counter activity in last 21-days

      Copyright © 1994-2016 Linux-Consulting All Rights Reserved. Updated: Thu Oct 13 18:22:28 2016 PDT