Set your iptables to avoid DDOS attacks
Hi everyone. Because I get DDoS attacks on my server, I was looking to fix that. Put this in your /etc/init.d/firewall:
Code:
iptables -A INPUT -p UDP -f -j DROP
echo "Block DDOS - SYN-flood"
iptables -A INPUT -p TCP --syn -m iplimit --iplimit-above 9 -j DROP
echo "Block DDOS - Smurf"
iptables -A INPUT -m pkttype --pkt-type broadcast -j DROP
iptables -A INPUT -p ICMP --icmp-type echo-request -m pkttype --pkttype broadcast -j DROP
iptables -A INPUT -p ICMP --icmp-type echo-request -m limit --limit 3/s -j ACCEPT
echo "Block DDOS - UDP-flood (Pepsi)"
iptables -A INPUT -p UDP --dport 7 -j DROP
iptables -A INPUT -p UDP --dport 19 -j DROP
echo "Block DDOS - SMBnuke"
iptables -A INPUT -p UDP --dport 135:139 -j DROP
iptables -A INPUT -p TCP --dport 135:139 -j DROP
echo "Block DDOS - Connection-flood"
iptables -A INPUT -p TCP --syn -m iplimit --iplimit-above 3 -j DROP
echo "Block DDOS - Fraggle"
iptables -A INPUT -p UDP -m pkttype --pkt-type broadcast -j DROP
iptables -A INPUT -p UDP -m limit --limit 3/s -j ACCEPT
echo "Block DDOS - Jolt"
iptables -A INPUT -p ICMP -f -j DROP
If someone PRO thinks this could be better, please correct me and don't blame.
Have fun.
Re: Set your iptables to avoid DDOS attacks
I'm not attempting to 'knock' (insult) your effort at all. I will also admit I am no expert on DoS / DDoS attacks. However, from what I do know, it is my understanding that the ONLY true way you will defeat a DoS/DDoS attack ~ is by having more bandwidth than the attacker(s)...
Re: Set your iptables to avoid DDOS attacks
You're right, 343. But with this script the server is protected against nab attacks, which are annoying and close your server for some hours. I used it and luckily it works perfectly.
Against PRO attacks you need way more bandwidth, I agree with you.
Until then maybe this helps. I tested it and sweated over fixing it while my poor server was down because of an attack. After setting it, all was good.
Re: Set your iptables to avoid DDOS attacks
rdciprian, can you help me?
This appeared in my terminal:
/etc/init.d$ /etc/init.d/firewall start
Block DDOS - SYN-flood
iptables v1.4.10: Couldn't load match `iplimit':/lib/xtables/libipt_iplimit.so: cannot open shared object file: No such file or directory
Try `iptables -h' or 'iptables --help' for more information.
Block DDOS - Smurf
iptables v1.4.10: unknown option `--pkttype'
Try `iptables -h' or 'iptables --help' for more information.
Block DDOS - UDP-flood (Pepsi)
Block DDOS - SMBnuke
Block DDOS - Connection-flood
iptables v1.4.10: Couldn't load match `iplimit':/lib/xtables/libipt_iplimit.so: cannot open shared object file: No such file or directory
Try `iptables -h' or 'iptables --help' for more information.
Block DDOS - Fraggle
Block DDOS - Jolt
Why? How do I fix it?
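The two kinds of error in that output have separate causes: this iptables build has no `iplimit` match (the library it looks for is missing), and the match that does per-source connection limiting in current iptables is `connlimit` with `--connlimit-above`; `--pkttype` is a misspelling of `--pkt-type`. The script below is an added example, not part of any post in this thread: it rewrites the three failing rules and prints them in a dry run, and the names `LEGACY_RULES`, `modernize_rule`, `apply_rules` and `IPT` are made up for the illustration.

```shell
#!/bin/sh
# Added example: fixes the three rules that failed in the terminal output above.
# IPT defaults to a dry run that only prints each command. To apply the rules,
# run as root with:  IPT=iptables sh this-script.sh start
IPT="${IPT:-echo iptables}"

# The three failing rules, copied from the first post (without "iptables").
LEGACY_RULES='-A INPUT -p TCP --syn -m iplimit --iplimit-above 9 -j DROP
-A INPUT -p ICMP --icmp-type echo-request -m pkttype --pkttype broadcast -j DROP
-A INPUT -p TCP --syn -m iplimit --iplimit-above 3 -j DROP'

# Filter: rewrite old syntax on stdin to what iptables 1.4.x accepts.
#   -m iplimit --iplimit-above N  ->  -m connlimit --connlimit-above N
#   --pkttype                     ->  --pkt-type
# Rules that are already valid pass through unchanged.
modernize_rule() {
    sed -e 's/-m iplimit --iplimit-above/-m connlimit --connlimit-above/' \
        -e 's/--pkttype /--pkt-type /'
}

# Run (or, in dry-run mode, print) each corrected rule, stopping at the
# first one iptables rejects.
apply_rules() {
    printf '%s\n' "$LEGACY_RULES" | modernize_rule | while IFS= read -r rule; do
        # Unquoted on purpose: the rule must split into separate arguments.
        $IPT $rule || return 1
    done
}

# connlimit counts simultaneous connections per source address, so a low
# limit such as 3 also applies to all users who share one NAT address.
case "${1:-}" in
    start) apply_rules ;;
esac
```

Run it once without `IPT` set to read the generated commands before applying them on a remote server.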
Re: Set your iptables to avoid DDOS attacks
You can't block a real DDOS attack, these only work against kiddies.
Re: Set your iptables to avoid DDOS attacks
Quote: Originally Posted by SXMaple
You can't block a real DDOS attack, these only work against kiddies.
I try to repeat myself, SXMaple (I think you don't even read all the posts)
Quote: Originally Posted by rdciprian
You're right, 343. But with this script the server is protected against nab attacks, which are annoying and close your server for some hours. I used it and luckily it works perfectly.
Against PRO attacks you need way more bandwidth, I agree with you.
Your comment is absolutely useless, and = 0 :w00t:
Re: Set your iptables to avoid DDOS attacks
Quote: Originally Posted by 343
I'm not attempting to 'knock' (insult) your effort at all. I will also admit I am no expert on DoS / DDoS attacks. However, from what I do know, it is my understanding that the ONLY true way you will defeat a DoS/DDoS attack ~ is by having more bandwidth than the attacker(s)...
This is mostly true, but rdciprian's release here recognizes and drops attempted flooding from a single IP. It's basic protection but it is better than nothing. It's also usually the only thing you'll need since most people attempting DDoS attacks don't possess advanced knowledge on the matter. Either that or they're other server owners who have too much practice with DDoSing their competitors because of their own insecurities, but I digress.