Protection against OOG attacks based on iptables:
First, we create the firewall rules script; you can name it as you wish.
Code:
iptables -A INPUT -p tcp -m multiport --dports 29000 -m length --length 500:65535 -j LOG --log-prefix "PW"
With this rule, we log all game packets to port 29000 with sizes from 500 to 65535 bytes.
Code:
iptables -A INPUT -p tcp -m multiport --dports 29000 -m length --length 500:65535 -m recent --name packets --set
iptables -A INPUT -p tcp -m multiport --dports 29000 -m length --length 500:65535 -m recent --name packets --update --seconds 1 --hitcount 100 -j REJECT
With these rules, we block a user if the server receives more than 100 packets of 500 - 65535 bytes from them within 1 second on port 29000 (the game port).
Code:
iptables -A INPUT -p tcp -m multiport --dports 29000 -m length --length SIZE -m recent --name packet1 --set
iptables -A INPUT -p tcp -m multiport --dports 29000 -m length --length SIZE -m recent --name packet1 --update --seconds 15 --hitcount 3 -j REJECT
With these rules, we block users who send more than 3 packets of size SIZE to port 29000 within 15 seconds. SIZE is the packet size in bytes.
How to track packet size in bytes?
Once the first rule is in place and logging all the game packets, you can see them in the /var/log/syslog file or with the dmesg command in the server console.
During an attack, syslog will contain many identical packets within a short time.
Code:
[68003.357231] PW IN=ipip1 OUT= MAC= SRC=USER IP ADRESS DST=*.*.*.* LEN=547 TOS=0x00 PREC=0x00 TTL=241 ID=13328 DF PROTO=TCP SPT=22511 DPT=63947 WINDOW=254 RES=0x00 ACK PSH URGP=0
In the example above, the packet size is 'LEN=547'.
With OOG protection sorted out, let's move on to other ways to compete with NewDestiny.
Brute-forcing of accounts. Everything is quite simple here:
#block brute force login
Code:
iptables -A INPUT -p tcp -m multiport --dports 29000 -m conntrack --ctstate NEW -m recent --name brute --set
iptables -A INPUT -p tcp -m multiport --dports 29000 -m conntrack --ctstate NEW -m recent --name brute --update --seconds 30 --hitcount 3 -j REJECT
With these rules, we block a user's IP for 30 seconds if they made more than 3 connection requests to port 29000.
Recommendations for protecting the server against hacking:
- Use iptables to completely restrict access to all ports other than the game ports.
- Connect to the server using SSH key(s) protected by a passphrase.
- Use the latest versions of mysql, apache2 and other important packages.
- After load through OOG, use logrotate; otherwise, when the logs are backed up, your server's RAM will be fully used. This may be a consequence of hacking.
- Do not use third-party software on the game server.
- Use a non-standard player password filter. For several hours on our authorization there were over 50,000 invalid authorization attempts. 30% of our players matched usernames from these username/password pairs.
We prefer fair competition, we do not have time and extra finance for attacks. Do not mess with these people, it can end badly.
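The size-tracking step described above (finding the LEN value that repeats in the "PW" log lines so it can be used as SIZE) can be scripted; the following is an added example, not part of the original post. It assumes dmesg or syslog lines carrying a kernel timestamp; the function names and the sample log (documentation addresses) are constructed for illustration, and the defaults mirror the `--seconds 15 --hitcount 3` rule. LEN in the log is the IP total length, the same value `-m length` matches.

```python
import re
from collections import defaultdict

# Kernel timestamp, the "PW" log prefix, then the SRC= and LEN= fields. The LOG
# target appends "IN=" directly to the prefix, so "PWIN=" is accepted as well.
LINE_RE = re.compile(r"\[\s*(\d+\.\d+)\]\s*PW ?IN=.*?\bSRC=(\S+).*?\bLEN=(\d+)")

def parse(lines):
    """Yield (timestamp, src, length) for each logged game packet."""
    for line in lines:
        m = LINE_RE.search(line)
        if m:
            yield float(m.group(1)), m.group(2), int(m.group(3))

def bursts(lines, seconds=15.0, hitcount=3):
    """Return [(length, src, peak)] where one source sent at least `hitcount`
    packets of the same length inside some window of `seconds` seconds."""
    seen = defaultdict(list)
    for ts, src, length in parse(lines):
        seen[(length, src)].append(ts)
    found = []
    for (length, src), stamps in seen.items():
        stamps.sort()
        peak = start = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > seconds:  # slide the window start forward
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= hitcount:
            found.append((length, src, peak))
    return sorted(found, key=lambda f: -f[2])

# Constructed sample, not real traffic: one source repeats LEN=547 four times in
# about a second; a normal player sends varied sizes and LEN=547 a minute apart.
_FMT = ("[{:.6f}] PW IN=eth0 OUT= MAC= SRC={} DST=192.0.2.10 LEN={} "
        "TOS=0x00 PREC=0x00 TTL=241 PROTO=TCP SPT=22511 DPT=29000")
_EVENTS = [(68003.1, "203.0.113.7", 547), (68003.4, "203.0.113.7", 547),
           (68003.9, "203.0.113.7", 547), (68004.3, "203.0.113.7", 547),
           (68003.2, "198.51.100.20", 612), (68009.0, "198.51.100.20", 905),
           (68030.0, "198.51.100.20", 547), (68090.0, "198.51.100.20", 547),
           (68150.0, "198.51.100.20", 547)]
SAMPLE_LOG = [_FMT.format(*e) for e in _EVENTS]

if __name__ == "__main__":
    for length, src, peak in bursts(SAMPLE_LOG):
        print(f"LEN={length} from {src}: {peak} packets in 15 s, candidate SIZE")
```

On a live server, feed it the output of dmesg or the lines of /var/log/syslog instead of SAMPLE_LOG, and check that legitimate players do not produce the same LEN at that rate before using it as SIZE.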