
(Linux) Firewall

30 replies

Poll

What do you think about it?

I agree.
62.50% (10)
I disagree.
25.00% (4)
Doesn't have opinion.
12.50% (2)
16 votes cast

(Linux) Firewall (closed, moved)

Evaldas (BANNED)
Hey,
I wanna share my plan for how we could improve our security against DoS and DDoS attacks; we have already created thousands of threads on "how our asses were kicked by DoS/DDoS attacks".

So first we need to whitelist ourselves, block everything, and leave only what we need.

Whitelist ourselves:
sudo iptables -A INPUT --source 123.123.123.123 -j ACCEPT
• Change 123.123.123.123 to your IP.

Blocking everything:
sudo iptables -P INPUT DROP

Whitelist UnrealSoftware:
sudo iptables -A INPUT --source 85.214.102.60 -j ACCEPT
• Server list and updates

(OPTIONAL) Restrict packet size:
sudo iptables -A INPUT -p udp --sport 36963:36970 -m length --length 0:28  -j DROP
sudo iptables -A INPUT -p udp --sport 36963:36970 -m length --length 1200:65535  -j DROP
• Blocks oversized packets.

Allowing CS2D Users to play in our server:
sudo iptables -A INPUT -p udp --sport 36963:36970 -j ACCEPT
• So now all users who set their local port in the 36963 to 36970 range will have access to our servers.
× But there is a problem: if a player changes his port to a random one like 54312, he won't be able to join our server. I would like to ask DC if he could change the port range to a smaller one.

I already posted something like this in the thread cs2d Ideas for CS2D - READ THE FIRST POST (OP)! but I was ignored.
A bit later I sent him a private message and it seems he didn't like the idea of changing the port range, because it could lead to some problems.

So what problems could there be?
× ISP blocks the port.
× Some kind of program is using this port.
× USGN was attacked and port 36963 went down and now the port changed to e.g. 50000

Solutions
√ Well, no problems with the ISP, you could just call them and ask to remove the block.
√ Program using port 36963? Then change your port to 36964.
> USGN was attacked? Lol.. Then we wait until DC finds a way to block the attack.

Toys like LOIC, UDP Unicorn and others send packets with random source ports, and then our great wall will help us.
Same thing goes with DDoS.

DC says that a real hacker would change his source port from where the attack is launched.. Well... Okay, one hacker bypassed it and thousands of others didn't due to our wall.

WAITING FOR OPINIONS
edited 2×, last 08.09.15 03:36:33 pm
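The rule set from the post above, collected into one reviewable script. This is an added example, not part of the original post: it prints the commands by default (dry run) and only executes them with --apply, and it puts two rules in front of the post's own that the post does not have (loopback and ESTABLISHED,RELATED), so the server's own outbound connections, such as DNS replies and package updates, still get answers once the INPUT policy is DROP. The address in ADMIN_IP is a placeholder; 85.214.102.60 and the port range 36963:36970 are the values from the post.

```shell
#!/bin/sh
# Added example, not from the thread: the post's iptables rules as one script.
# Order matters: whitelist and ACCEPT rules first, the DROP policy last, so that
# an admin never ends up locked out halfway through applying the set.

ADMIN_IP="${ADMIN_IP:-203.0.113.10}"   # placeholder: replace with your own address
USGN_IP="85.214.102.60"                # UnrealSoftware server list host, from the post
CS2D_PORTS="36963:36970"               # client local-port range, from the post

# Emit the rules, one command per line. The first two are additions to the post:
# without them the DROP policy also eats replies to the server's own connections.
cs2d_rules() {
    cat <<EOF
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT --source $ADMIN_IP -j ACCEPT
iptables -A INPUT --source $USGN_IP -j ACCEPT
iptables -A INPUT -p udp --sport $CS2D_PORTS -m length --length 0:28 -j DROP
iptables -A INPUT -p udp --sport $CS2D_PORTS -m length --length 1200:65535 -j DROP
iptables -A INPUT -p udp --sport $CS2D_PORTS -j ACCEPT
iptables -P INPUT DROP
EOF
}

# Number of commands that would run; a quick sanity check before --apply.
cs2d_rule_count() {
    cs2d_rules | wc -l | tr -d ' '
}

# The last command must be the policy change; anything else means the order is wrong.
cs2d_last_rule() {
    cs2d_rules | tail -n 1
}

# Dry run by default: print the commands. Run as root with --apply to execute them.
if [ "${1:-}" = "--apply" ]; then
    cs2d_rules | while IFS= read -r cmd; do
        # word splitting on $cmd is intended: each line is a plain iptables command
        $cmd || { echo "failed: $cmd" >&2; exit 1; }
    done
else
    cs2d_rules
fi
```

Run it once without arguments and read the output before running it with --apply; the rules are not persisted across reboots by this script, so save them with your distribution's usual mechanism afterwards.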

Re: (Linux) Firewall

GeoB99 (Moderator)
Well, I think these solutions are good to prevent/protect against small attacks or even medium ones, but sadly nothing can stop real and the toughest attacks.

Re: (Linux) Firewall

lennon (User)
I have to check it out. I am glad we are fighting these hackers. Thank you for sharing. Later I will comment on this.

Re: (Linux) Firewall

Hajt (User)
By the way, if you want to check the IP address of an attacker, use this:
iptables -N LOGGING
iptables -A INPUT -p udp -m length --length 0:28 -j LOGGING
iptables -A LOGGING -m limit --limit 2/min -j LOG --log-prefix "IPTables Packet Dropped: " --log-level 7
iptables -A LOGGING -j DROP
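One way to read what the LOG rule above produces, as an added example that is not part of Hajt's post. The LOGGING chain writes lines with the prefix "IPTables Packet Dropped: " to the kernel log in the standard netfilter LOG format (SRC=, DST=, PROTO=, SPT=, DPT= fields). The script below groups those lines by source address and counts how many distinct source ports each address used, which is exactly the "random source port" pattern the first post describes. The log lines inside it are constructed samples, abridged from the real format (the MAC= field is left out); on a live box you would feed it journalctl -k or /var/log/kern.log instead.

```shell
#!/bin/sh
# Added example, not from the thread: summarise kernel log lines written by the
# LOGGING chain in the post above. Sample lines are constructed, not captured.

SAMPLE_LOG=$(cat <<'EOF'
May 29 12:40:01 srv kernel: IPTables Packet Dropped: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=28 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=UDP SPT=51234 DPT=36963 LEN=8
May 29 12:40:01 srv kernel: IPTables Packet Dropped: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=28 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=UDP SPT=40001 DPT=36963 LEN=8
May 29 12:40:02 srv kernel: eth0: link is up, 1000 Mbps full duplex
May 29 12:40:02 srv kernel: IPTables Packet Dropped: IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 LEN=28 TOS=0x00 PREC=0x00 TTL=61 ID=0 DF PROTO=UDP SPT=36965 DPT=36963 LEN=8
May 29 12:40:02 srv kernel: IPTables Packet Dropped: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=28 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=UDP SPT=60777 DPT=36963 LEN=8
EOF
)

# Read log lines on stdin; print "<packets> <distinct source ports> <source ip>",
# busiest source first. Only lines carrying the LOG rule's prefix are counted,
# so unrelated kernel messages in the same log are ignored.
dropped_by_source() {
    grep 'IPTables Packet Dropped:' \
    | sed -n 's/.*SRC=\([0-9.]*\).*SPT=\([0-9]*\).*/\1 \2/p' \
    | sort | uniq -c \
    | awk '{ pkts[$2] += $1; ports[$2]++ }
           END { for (ip in pkts) print pkts[ip], ports[ip], ip }' \
    | sort -rn
}

# Busiest source in the constructed sample (first output line).
top_dropped_source() {
    printf '%s\n' "$SAMPLE_LOG" | dropped_by_source | head -n 1
}

# Usage on the sample; on a real host: journalctl -k | dropped_by_source
printf '%s\n' "$SAMPLE_LOG" | dropped_by_source
```

A source that shows many packets spread over many different source ports, like 198.51.100.7 in the sample, is a flood candidate; a source with one port and a handful of packets, like 203.0.113.9, is more likely a real player whose local port fell outside the allowed range.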

Re: (Linux) Firewall

lennon (User)
Well, I tested it and it's not working. They DDoSed my server every 10 minutes and nobody can join my server except me.

Re: (Linux) Firewall

Evaldas (BANNED)
lennon, add me on Skype, I will check where the problem is, because I already tested it and people should be able to join.
skype: i.cant.read

Edit:
Rainoth and I tested it, everything is working fine. Maybe people can't connect because they are using other ports?
edited 2×, last 29.05.15 12:53:03 pm

Re: (Linux) Firewall

Rainoth (Moderator)
I can affirm this. I could join his server just fine.
I don't really know a lot about all this firewall/DoS/network stuff, but what he said, that instead of all of them only a few DDoSers would succeed, is enough for me to agree with him. Better to choose the lesser evil until a countermeasure for this is created.

Re: (Linux) Firewall

lennon (User)
The real question is how long the server will stay up with these rules before it's turned off.

Maybe I'm a bad admin, I will chat with you tonight.

Re: (Linux) Firewall

Evaldas (BANNED)
It would be perfect if all who disagree with this thread would comment here, because I and other people want to know what problems it can have and maybe I could help you to fix these problems.

Re: (Linux) Firewall

Evaldas (BANNED)
UDP floods.

DC and any other experienced network administrator could explain these things better, but they would probably say something like:
"Don't be an ass, go google it."
Because posting it to a thousand users a thousand times would just be a waste of time.