Set your iptables to avoid DDOS attacks

Hi everyone. Because i get DDOS attack on my server i was looking to fix that thing. Set this on your /etc/init.d/firewall :

Code:

---

iptables -A INPUT -p UDP -f -j DROP
echo "Block DDOS - SYN-flood"
iptables -A INPUT -p TCP --syn -m iplimit --iplimit-above 9 -j DROP
echo "Block DDOS - Smurf"
iptables -A INPUT -m pkttype --pkt-type broadcast -j DROP
iptables -A INPUT -p ICMP --icmp-type echo-request -m pkttype --pkttype broadcast -j DROP
iptables -A INPUT -p ICMP --icmp-type echo-request -m limit --limit 3/s -j ACCEPT
echo "Block DDOS - UDP-flood (Pepsi)"
iptables -A INPUT -p UDP --dport 7 -j DROP
iptables -A INPUT -p UDP --dport 19 -j DROP
echo "Block DDOS - SMBnuke"
iptables -A INPUT -p UDP --dport 135:139 -j DROP
iptables -A INPUT -p TCP --dport 135:139 -j DROP
echo "Block DDOS - Connection-flood"
iptables -A INPUT -p TCP --syn -m iplimit --iplimit-above 3 -j DROP
echo "Block DDOS - Fraggle"
iptables -A INPUT -p UDP -m pkttype --pkt-type broadcast -j DROP
iptables -A INPUT -p UDP -m limit --limit 3/s -j ACCEPT
echo "Block DDOS - Jolt"
iptables -A INPUT -p ICMP -f -j DROP

---

if someone PRO think this could be better please correct me and dont blame

have fun

I'm not attempting to 'knock' (insult) your effort at all. I will also admit I am no expert on DoS / DDoS attacks. However, from what I do know, it is to my understanding that the ONLY true way you will defeat a Dos/DDoS attack ~ is by having more bandwidth than the attacker(s)...

you right 343. But having this script server protect against nab attacks wich are anoying and close your server for some houres. I used it and luckily works perfect.
Against PRO attacks need way more bandwith, i agree with you.

Untill then maybe this helps, i used to test and sweat fixing it while my poor server been down because of attack. After set all was good.

rdciprian, you can help me?

appeared in my terminal:

/etc/init.d$ /etc/init.d/firewall start
Block DDOS - SYN-flood
iptables v1.4.10: Couldn't load match `iplimit':/lib/xtables/libipt_iplimit.so: cannot open shared object file: No such file or directory

Try `iptables -h' or 'iptables --help' for more information.
Block DDOS - Smurf
iptables v1.4.10: unknown option `--pkttype'
Try `iptables -h' or 'iptables --help' for more information.
Block DDOS - UDP-flood (Pepsi)
Block DDOS - SMBnuke
Block DDOS - Connection-flood
iptables v1.4.10: Couldn't load match `iplimit':/lib/xtables/libipt_iplimit.so: cannot open shared object file: No such file or directory

Try `iptables -h' or 'iptables --help' for more information.
Block DDOS - Fraggle
Block DDOS - Jolt

why? how do fix?

You can't block a real DDOS attack, these only work against kiddies.

Quote:

---

Originally Posted by SXMaple

You can't block a real DDOS attack, these only work against kiddies.

---

I try to repeat myself SXMaple (i think you dont even read all post)

Quote:

---

Originally Posted by rdciprian

you right 343. But having this script server protect against nab attacks wich are anoying and close your server for some houres. I used it and luckily works perfect.
Against PRO attacks need way more bandwith, i agree with you.

---

Your comment it is absolutely useles, and = 0 :w00t:

Quote:

---

Originally Posted by 343

I'm not attempting to 'knock' (insult) your effort at all. I will also admit I am no expert on DoS / DDoS attacks. However, from what I do know, it is to my understanding that the ONLY true way you will defeat a Dos/DDoS attack ~ is by having more bandwidth than the attacker(s)...

---

This is mostly true, but rdciprian's release here recognizes and drops attempted flooding from a single IP. It's basic protection but it is better than nothing. It's also usually the only thing you'll need since most people attempting DDoS attacks don't possess advanced knowledge on the matter. Either that or they're other server owners who have too much practice with DDoSing their competitors because of their own insecurities, but I digress.