Hello, I'm not home right now.. I will test it tomorrow and let u know if it helped. ThanksOriginally Posted by Mitch
Rate limiting via iptables might work better with that amount of traffic.
e.g.
You could also try to only allow valid traffic e.g.PHP Code:iptables -N QUERY-BLOCK
iptables -A QUERY-BLOCK -m recent --set --name blocked-hosts -j DROP
iptables -N QUERY-CHECK
iptables -A QUERY-CHECK -p udp -m string ! --string "getstatus" --algo bm --from 32 --to 41 -j RETURN
iptables -A QUERY-CHECK -m recent --update --name blocked-hosts --seconds 30 --hitcount 1 -j DROP
iptables -A QUERY-CHECK -m hashlimit --hashlimit-mode srcip --hashlimit-name getstatus --hashlimit-above 15/second -j QUERY-BLOCK
iptables -A INPUT -p udp --dport 27960:29000 -j QUERY-CHECK
PHP Code:iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j DROP # syn flood
iptables -A INPUT -m state --state INVALID -j DROP
iptables -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j DROP # bogus TCP Flags
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -p icmp -j ACCEPT
iptables -A INPUT -p udp -m udp --dport 28960 -j ACCEPT
# ACCEPT all ports (+ used protocol) you are using for incoming traffic
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT # accepts traffic requested by your server
Results 1 to 10 of 13
Thread: Attack on server
Threaded View
-
9th September 2017, 18:58 #8Private
- Join Date
- Mar 2014
- Location
- Czech Republic
- Posts
- 11
- Thanks
- 1
- Thanked 2 Times in 1 Post
Hello, I'm not home right now.. I will test it tomorrow and let u know if it helped. Thanks Originally Posted by Mitch
Reply With Quote