
(Linux) Firewall

30 replies

Poll: What do you think about it?

I agree. 62.50% (10)
I disagree. 25.00% (4)
Doesn't have opinion. 12.50% (2)
16 votes cast

(closed, moved) Poll: (Linux) Firewall

Evaldas (BANNED, offline)
Hey,
I wanna share my plan about how we could improve our security against DoS and DDoS attacks; we have already created thousands of threads about "how our asses were kicked by DoS/DDoS attacks".

So first we need to whitelist ourselves, block everything, and leave only what we need.

Whitelist ourselves:
sudo iptables -A INPUT --source 123.123.123.123 -j ACCEPT
• Change 123.123.123.123 to your IP.

Blocking everything:
sudo iptables -P INPUT DROP

Whitelist UnrealSoftware:
sudo iptables -A INPUT --source 85.214.102.60 -j ACCEPT
• Server list and updates

(OPTIONAL) Reduce packet size:
sudo iptables -A INPUT -p udp --sport 36963:36970 -m length --length 0:28 -j DROP
sudo iptables -A INPUT -p udp --sport 36963:36970 -m length --length 1200:65535 -j DROP
• Blocking oversized packets.

Allowing CS2D users to play on our server:
sudo iptables -A INPUT -p udp --sport 36963:36970 -j ACCEPT
• So now all users who set their local port in the 36963 to 36970 range will have access to our servers.
× But there is a problem: if a player changes his port to a random one like 54312, he won't be able to join our server. I would like to ask DC if he could change the port range to a smaller one.

I already posted something like this in the thread "Ideas for CS2D - READ THE FIRST POST (OP)!" but I was ignored.
A bit later I sent him a private message, and it seems he didn't like the idea of changing the port range, because it could lead to some problems.

So what problems could there be?
× The ISP blocks the port.
× Some kind of program is using this port.
× USGN was attacked, port 36963 went down, and the port was changed to e.g. 50000.

Solutions
√ Well, no problem with the ISP: you could just call them and ask to remove the block.
√ A program is using port 36963? Then change your port to 36964.
> USGN was attacked? Lol... Then we wait until DC finds a way to block the attack.

Toys like LOIC, UDP Unicorn and others are sending packets with random source ports, and then our great wall will help us.
The same goes for DDoS.

DC says that a real hacker would change the source port from which the attack is launched. Well... okay, one hacker bypassed it and thousands of others didn't, thanks to our wall.

WAITING FOR OPINIONS
Edited 2×, last 08.09.15 15:36:33
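The rules from this post assembled into one script, as an added example that is not Evaldas's or the forum's own code. Two things a practitioner would want here: the admin whitelist must be in place before the policy becomes DROP (otherwise a remote shell is cut off), and the ruleset as posted also drops replies to the server's own outgoing traffic (DNS lookups, updates), so the script adds a loopback rule and a conntrack rule that are not in the original post. The admin address 203.0.113.10, the DRY_RUN switch and the run helper are assumptions; with DRY_RUN=1 (the default here) the script only prints the iptables commands, so it can be reviewed without root.

```shell
#!/bin/sh
# Added example: builds the CS2D whitelist ruleset described in the thread.
# DRY_RUN=1 prints the iptables commands instead of running them (assumed switch).
DRY_RUN="${DRY_RUN:-1}"
ADMIN_IP="${ADMIN_IP:-203.0.113.10}"   # constructed placeholder, replace with your own IP
USGN_IP="85.214.102.60"                # UnrealSoftware server list / updates (from the post)
CS2D_PORTS="36963:36970"               # client local-port range the post relies on

# run: print the command in dry-run mode, otherwise execute iptables with the same arguments.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "iptables $*"
    else
        iptables "$@"
    fi
}

# cs2d_rules: emit/apply the rules in an order that cannot lock the admin out.
cs2d_rules() {
    # 1. Whitelist the admin first, so a remote session survives the DROP policy.
    run -A INPUT -s "$ADMIN_IP" -j ACCEPT
    # 2. Keep loopback and replies to the server's own connections working
    #    (not in the original post; without this, DNS and update replies are dropped).
    run -A INPUT -i lo -j ACCEPT
    run -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # 3. UnrealSoftware (server list, updates).
    run -A INPUT -s "$USGN_IP" -j ACCEPT
    # 4. Optional size filters: drop empty and oversized UDP datagrams from the game port range.
    run -A INPUT -p udp --sport "$CS2D_PORTS" -m length --length 0:28 -j DROP
    run -A INPUT -p udp --sport "$CS2D_PORTS" -m length --length 1200:65535 -j DROP
    # 5. Let CS2D clients in (only those whose local port is inside the range, as in the post).
    run -A INPUT -p udp --sport "$CS2D_PORTS" -j ACCEPT
    # 6. Default deny, set last so nothing above it was applied to an already-closed box.
    run -P INPUT DROP
}

cs2d_rules
```

Once the printed rules look right, run it as root with DRY_RUN=0 and ADMIN_IP set to your own address. The CS2D accept rule still matches on the client's source port exactly as in the post, so a player whose game uses a port outside 36963:36970 is dropped; the script does not change that trade-off, it only makes the rest of the box keep working under it.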

Re: (Linux) Firewall

GeoB99 (Moderator, offline)

Well, I think these solutions are good to prevent/protect against small attacks or even medium ones, but sadly nothing can stop the real and toughest attacks.

Re: (Linux) Firewall

lennon (User, offline)

I have to check it out. I am glad we are fighting these hackers. Thank you for sharing. Later I will comment on this.

Re: (Linux) Firewall

Hajt (User, offline)

By the way, if you want to check the IP address of an attacker, use this:
iptables -N LOGGING
iptables -A INPUT -p udp -m length --length 0:28 -j LOGGING
iptables -A LOGGING -m limit --limit 2/min -j LOG --log-prefix "IPTables Packet Dropped: " --log-level 7
iptables -A LOGGING -j DROP
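A way to read what Hajt's LOGGING chain produces, as an added example that is not part of his post. The sample kernel lines below are constructed in the shape the --log-prefix rule emits (addresses taken from documentation ranges), and the top_sources function keeps only the firewall's own messages, extracts SRC= and counts hits per address. Assumed: on a live server the lines come from dmesg or journalctl -k. Note that the --limit 2/min in the rule caps logging at two lines per minute, so the counts show which addresses are hitting the filter, not how many packets they sent.

```shell
#!/bin/sh
# Added example: counts which source addresses hit the LOGGING chain from the post above.
# SAMPLE_LOG is constructed to look like kernel log lines produced by the
# --log-prefix "IPTables Packet Dropped: " rule; one unrelated kernel line is mixed in.
SAMPLE_LOG='Sep  8 15:36:01 cs2d kernel: IPTables Packet Dropped: IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.20 LEN=28 PROTO=UDP SPT=41234 DPT=36963 LEN=8
Sep  8 15:36:02 cs2d kernel: IPTables Packet Dropped: IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.20 LEN=28 PROTO=UDP SPT=41235 DPT=36963 LEN=8
Sep  8 15:36:05 cs2d kernel: eth0: link up
Sep  8 15:36:31 cs2d kernel: IPTables Packet Dropped: IN=eth0 OUT= SRC=192.0.2.44 DST=203.0.113.20 LEN=28 PROTO=UDP SPT=50000 DPT=36964 LEN=8
Sep  8 15:37:01 cs2d kernel: IPTables Packet Dropped: IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.20 LEN=28 PROTO=UDP SPT=41236 DPT=36963 LEN=8'

# top_sources: read log lines on stdin, keep only the firewall's own messages,
# pull out the SRC= address and print "<count> <address>", highest count first.
top_sources() {
    grep -F 'IPTables Packet Dropped: ' \
    | sed -n 's/.*SRC=\([0-9.]*\).*/\1/p' \
    | sort | uniq -c | sort -rn \
    | awk '{ print $1, $2 }'
}

# On a live box (assumed log source): dmesg | top_sources
# or: journalctl -k --since "10 min ago" | top_sources
printf '%s\n' "$SAMPLE_LOG" | top_sources
```

With the constructed input this prints "3 198.51.100.7" followed by "1 192.0.2.44"; the "link up" line is ignored because it lacks the prefix. Feeding the output into a whitelist review (is a top address one of your own players?) is the sensible next step before blocking anything by address.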

Re: (Linux) Firewall

lennon (User, offline)

Well, I tested it and it's not working. They DDoSed my server every 10 minutes and nobody can join my server except me.

Re: (Linux) Firewall

Evaldas (BANNED, offline)

@lennon: Add me on Skype, I will check where the problem is, because I already tested it and people should be able to join.
skype: i.cant.read

Edit:
Rainoth and I tested it; everything is working fine. Maybe people can't connect because they are using other ports?
Edited 2×, last 29.05.15 12:53:03

Re: (Linux) Firewall

Rainoth (Moderator, offline)

I can confirm this. I could join his server just fine.
I don't really know a lot about all this firewall/DoS/network stuff, but what he said, that instead of all of them just a few DDoSers would succeed, is enough for me to agree with him. Better to choose the lesser evil until a countermeasure for this is created.

Re: (Linux) Firewall

lennon (User, offline)

The real question is how long the server will stay on with these rules before it's turned off.

Maybe I'm a bad admin; I will chat with you tonight.

Re: (Linux) Firewall

Evaldas (BANNED, offline)

It would be perfect if all who disagree with this thread would comment here, because I and other people wanna know what problems it can have, and maybe I could help you to fix these problems.

Re: (Linux) Firewall

Evaldas (BANNED, offline)

UDP floods.
[Spoiler]

DC and any other experienced network administrator could explain these things better, but they would probably say something like:
"Don't be an ass, go google it."
Because posting it to a thousand users a thousand times would just be a waste of time.