Basic DoS Protection
To cut a long story short, I've been doing recon on pools running MPOS using various methods. Anyway, the general consensus is that most of you have never heard of a firewall.
So just blindly paste the code block at the bottom into your terminal. I'll give you a really brief explanation of what the rules do.
```
sudo iptables -A INPUT -p tcp --dport 80 -m state --state NEW -m limit --limit 50/minute --limit-burst 200 -j ACCEPT
```
- We are adding an INPUT rule.
- `-p tcp --dport 80` = we are looking for TCP traffic to port 80.
- We are applying this to any new connections meeting the above conditions.
- We allow an initial burst of 200 matching "packets" (`--limit-burst 200`). Once that burst is used up, further matches are limited to 50 per minute (`--limit 50/minute`). In essence: you speed up for no reason, we slow you down.
- We jump to ACCEPT the packet and send it to its destination without further questioning. A packet over the limit does not match this rule and moves on to the next rule, so the limit only has an effect if a later rule or the chain policy drops it.
```
sudo iptables -A INPUT -m state --state RELATED,ESTABLISHED -m limit --limit 50/second --limit-burst 50 -j ACCEPT
```
- We are adding an INPUT rule.
- This is going to apply to already established connections and their related connections.
- We limit their requests to 50 packets a second (a "normal" person shouldn't need more than that).
- Again we jump to ACCEPT those packets.
```
sudo iptables -A INPUT -i eth0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
sudo iptables -A INPUT -i eth0 -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j DROP
sudo iptables -A INPUT -i eth0 -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j DROP
sudo iptables -A INPUT -i eth0 -p tcp -m tcp --tcp-flags FIN,RST FIN,RST -j DROP
sudo iptables -A INPUT -i eth0 -p tcp -m tcp --tcp-flags FIN,ACK FIN -j DROP
sudo iptables -A INPUT -i eth0 -p tcp -m tcp --tcp-flags ACK,URG URG -j DROP
```
There's a lot going on here, so I will sum it up by saying: we are dropping packets from lame script kiddies, and anything else that isn't complete or compliant. No self-respecting firewall should be lacking these rules by default (yet they all are). This should protect you from lame flood attacks, well, at least the ones not launched by "professionals".
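To see what the six `--tcp-flags` rules above actually match, here is an added example (not part of the original wiki page) that re-implements the mask/compare test in plain shell and runs it over a few constructed flag combinations. The function names `flag_bits` and `verdict` are made up for this illustration.

```shell
#!/bin/sh
# Added illustration: offline model of iptables "--tcp-flags <mask> <comp>".
# A packet matches when, of the flags named in <mask>, exactly those named
# in <comp> are set. flag_bits and verdict are names made up for this example.

# Turn a comma-separated flag list (or NONE) into a bit field.
flag_bits() {
    bits=0
    old_ifs=$IFS; IFS=,
    for f in $1; do
        case $f in
            FIN) bits=$((bits | 1)) ;;
            SYN) bits=$((bits | 2)) ;;
            RST) bits=$((bits | 4)) ;;
            PSH) bits=$((bits | 8)) ;;
            ACK) bits=$((bits | 16)) ;;
            URG) bits=$((bits | 32)) ;;
            NONE) ;;
            *) IFS=$old_ifs; echo "unknown flag: $f" >&2; return 1 ;;
        esac
    done
    IFS=$old_ifs
    echo "$bits"
}

# The mask:comp pairs of the six DROP rules on this page, in rule order.
RULES="FIN,SYN,RST,PSH,ACK,URG:NONE FIN,SYN:FIN,SYN SYN,RST:SYN,RST
FIN,RST:FIN,RST FIN,ACK:FIN ACK,URG:URG"

# Print the first rule that drops a packet with the given flags, else "pass".
verdict() {
    pkt=$(flag_bits "$1") || return 1
    for rule in $RULES; do
        mask=$(flag_bits "${rule%%:*}")
        comp=$(flag_bits "${rule#*:}")
        if [ $((pkt & mask)) -eq "$comp" ]; then
            echo "drop by --tcp-flags ${rule%%:*} ${rule#*:}"
            return 0
        fi
    done
    echo "pass"
}

# Constructed sample packets: handshake and teardown flags, then odd mixes.
for p in SYN SYN,ACK FIN,ACK RST,ACK NONE FIN,SYN FIN,PSH,URG URG; do
    printf '%-12s %s\n' "$p" "$(verdict "$p")"
done
```

The ordinary handshake and teardown combinations (SYN, SYN+ACK, FIN+ACK, RST+ACK) pass all six rules, while a packet with no flags, SYN+FIN together, or FIN or URG without ACK is dropped.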
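```
# Create the chain first; -A fails if the chain does not exist
sudo iptables -N PORT_SCANNING
sudo iptables -A PORT_SCANNING -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j RETURN
sudo iptables -A PORT_SCANNING -j DROP
```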
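We create a new chain to monitor PORT SCANNING attempts, and then DROP them all on their head if they flood us. A user-defined chain only sees traffic once a rule in another chain, such as INPUT, jumps to it; the rules here do not add that jump. You may want to also create a log file, but we won't do that because there are quota considerations you need to make.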
- You might consider installing APF firewall.
- You might consider installing (D)DosDeflate.
- You probably (you do) want to drop everything you're not using. (research)
- This is NOT the end of your iptables adventure; this is just to wake you up to the idea.
```
# Rate-limit new connections to the web front end (port 80)
sudo iptables -A INPUT -p tcp --dport 80 -m state --state NEW -m limit --limit 50/minute --limit-burst 200 -j ACCEPT
# Rate-limit packets on established and related connections
sudo iptables -A INPUT -m state --state RELATED,ESTABLISHED -m limit --limit 50/second --limit-burst 50 -j ACCEPT
# Drop TCP flag combinations that compliant stacks do not send (change eth0 to your interface)
sudo iptables -A INPUT -i eth0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
sudo iptables -A INPUT -i eth0 -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j DROP
sudo iptables -A INPUT -i eth0 -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j DROP
sudo iptables -A INPUT -i eth0 -p tcp -m tcp --tcp-flags FIN,RST FIN,RST -j DROP
sudo iptables -A INPUT -i eth0 -p tcp -m tcp --tcp-flags FIN,ACK FIN -j DROP
sudo iptables -A INPUT -i eth0 -p tcp -m tcp --tcp-flags ACK,URG URG -j DROP
# Port-scanning chain: return RST packets at up to 1 per second, drop the rest
sudo iptables -N PORT_SCANNING
sudo iptables -A PORT_SCANNING -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j RETURN
sudo iptables -A PORT_SCANNING -j DROP
```
DO NOT TRY TO LIMIT YOUR STRATUM PORT. You will CRASH your firewall.