ZGAN Posted February 8, 2004

Is there any protection against this...? m3k3k3 was kind enough to DDoS me... it wasn't fatal /not that I'm complaining/ but it's unpleasant

[10:25:19] <m3k3k3> hey, now I'm going to flood you really hard

anyway... let the gurus explain if they know of any protections... this is what I see with iptraf:

Packet Size (bytes)   Count
1 to 75:              1566

Is there a way to block the sending of packets smaller than 75 bytes?
Godfather Posted February 8, 2004

ZGAN, iptables has a flag for packet length: --length, but the easiest thing in this case is the following:

iptables -A INPUT -s <dosIP> -j DROP
iptables -A FORWARD -s <dosIP> -j DROP

where <dosIP> is the IP address of the attacker (since in this case he is hardly able to change it that easily).

A slightly more serious approach is this one (using rate limiting, logging the flood, etc. The correct values must be assigned to IFACE_INET and IFACE_INT):

#!/bin/bash
IPTABLES=/sbin/iptables
IFACE_INET=eth1   # Internet-facing interface
IFACE_INT=eth0    # internal (LAN) interface

### Create separate syn-flood chain
$IPTABLES -N syn-flood
# SYNs from the Internet within the rate limit go back to the calling chain
$IPTABLES -A syn-flood -i $IFACE_INET -m limit --limit 75/s --limit-burst 100 -j RETURN
# SYNs from the LAN are never limited
$IPTABLES -A syn-flood -i $IFACE_INT -j RETURN
# everything that exceeded the limit is logged and dropped
$IPTABLES -A syn-flood -j LOG --log-prefix "SYN-FLOOD: "
$IPTABLES -A syn-flood -j DROP

# send every new TCP connection attempt (SYN) through the syn-flood chain
$IPTABLES -A INPUT -i $IFACE_INT -p tcp --syn -j syn-flood
$IPTABLES -A INPUT -i $IFACE_INET -p tcp --syn -j syn-flood
$IPTABLES -A FORWARD -i $IFACE_INET -p tcp --syn -j syn-flood
$IPTABLES -A FORWARD -i $IFACE_INT -p tcp --syn -j syn-flood
PQI Posted February 8, 2004

You can install a firewall, for example APF. Here is a step-by-step how-to:

What is APF (Advanced Policy Firewall)?
APF is a policy based iptables firewall system designed for ease of use and configuration. It employs a subset of features to satisfy the veteran Linux user and the novice alike. Packaged in tar.gz and RPM formats, APF is ideal for deployment in many server environments based on Linux. APF is developed and maintained by R-fx Networks: http://www.rfxnetworks.com/apf.php

This guide will show you how to install and configure APF firewall, one of the better known Linux firewalls available.

Requirements:
- Root SSH access to your server

Let's begin! Login to your server through SSH and su to the root user.

1. cd /root/downloads or another temporary folder where you store your files.
2. wget http://www.rfxnetworks.com/downloads/apf-current.tar.gz
3. tar -xvzf apf-current.tar.gz
4. cd apf-0.9.3_3/ or whatever the latest version is.
5. Run the install file: ./install.sh
You will receive a message saying it has been installed:
.: APF installed
Install path: /etc/apf
Config path: /etc/apf/conf.apf
Executable path: /usr/local/sbin/apf
6. Let's configure the firewall: pico /etc/apf/conf.apf
We will go over the general configuration to get your firewall running. This isn't a complete detailed guide of every feature the firewall has. Look through the README and the configuration for an explanation of each feature.

Stop the firewall from automatically starting at boot time, possibly locking yourself out of your server! We recommend changing this back to "1" after you've had a chance to ensure everything is working well and tested the server out.
FIND: DEVM="1"
CHANGE TO: DEVM="0"

We like to use DShield.org's "block" list of top networks that have exhibited suspicious activity.
FIND: USE_DS="0"
CHANGE TO: USE_DS="1"
7.
Configuring Firewall Ports: Cpanel Servers
We like to use the following on our Cpanel Servers

Common ingress (inbound) ports
# Common ingress (inbound) TCP ports -3000_3500 = passive port range for Pure FTPD
IG_TCP_CPORTS="21,22,25,53,80,110,143,443,2082,2083,2086,2087,2095,2096,30000_35000"
#
# Common ingress (inbound) UDP ports
IG_UDP_CPORTS="53"

Common egress (outbound) ports
# Common egress (outbound) TCP ports
EG_TCP_CPORTS="21,25,80,443,43"
#
# Common egress (outbound) UDP ports
EG_UDP_CPORTS="20,21,53"

Save the changes: Ctrl+X then Y

8. Starting the firewall
/usr/local/sbin/apf -s

Other commands:
usage /usr/local/sbin/apf [OPTION]
-s|--start ............. load firewall policies
-r|--restart ........... flush & load firewall
-f|--flush|--stop ...... flush firewall
-l|--list .............. list chain rules
-st|--status ........... firewall status
-a HOST|--allow HOST ... add host (IP/FQDN) to allow_hosts.rules and immediately load new rule into firewall
-d HOST|--deny HOST .... add host (IP/FQDN) to deny_hosts.rules and immediately load new rule into firewall

Then, after that, use the antidos plugin from the same author:
http://www.r-fx.org/apf/README.antidos
http://www.r-fx.org/apf.php
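The edits from steps 6 and 7 of the how-to above, scripted, as an added example (this is not code from the thread or from APF itself). It assumes only APF's KEY="value" line format in conf.apf; the sample conf in make_sample_conf is constructed for the example, and the ssh_allowed check is this example's own safeguard against the lockout the how-to warns about: DEVM is only switched back to "1" when the SSH port is in the inbound TCP list.

```shell
#!/bin/sh
# Added example: apply the conf.apf edits from the how-to with sed and verify
# them before the firewall is made persistent. Assumes KEY="value" lines.

# set_opt FILE KEY VALUE : rewrite KEY="..." in place, leaving other lines alone.
set_opt() {
    file="$1"; key="$2"; val="$3"
    sed -i "s|^${key}=\"[^\"]*\"|${key}=\"${val}\"|" "$file"
}

# get_opt FILE KEY : print the quoted value of KEY (empty if the key is absent).
get_opt() {
    sed -n "s|^${2}=\"\([^\"]*\)\".*|\1|p" "$1"
}

# ssh_allowed FILE [PORT] : true if PORT (default 22) is in IG_TCP_CPORTS.
# On a remote box, forgetting this means a trip to the console.
ssh_allowed() {
    ports=$(get_opt "$1" IG_TCP_CPORTS)
    echo ",$ports," | tr -d ' ' | grep -q ",${2:-22},"
}

# Steps 6 and 7 of the how-to: development mode on, DShield list on, port lists.
configure_apf() {
    conf="$1"
    set_opt "$conf" DEVM 0       # do not persist until the rules are tested
    set_opt "$conf" USE_DS 1     # pull the DShield block list
    set_opt "$conf" IG_TCP_CPORTS "21,22,25,53,80,110,143,443,2082,2083,2086,2087,2095,2096,30000_35000"
    set_opt "$conf" IG_UDP_CPORTS "53"
    set_opt "$conf" EG_TCP_CPORTS "21,25,80,443,43"
    set_opt "$conf" EG_UDP_CPORTS "20,21,53"
}

# The only safe way to flip DEVM back to "1": refuse unless SSH is still let in.
enable_persist() {
    ssh_allowed "$1" 22 || { echo "refusing: port 22 not in IG_TCP_CPORTS" >&2; return 1; }
    set_opt "$1" DEVM 1
}

# Constructed stand-in for /etc/apf/conf.apf with the stock values quoted above.
make_sample_conf() {
    cat > "$1" <<'EOF'
# APF sample conf (constructed for this example)
DEVM="1"
USE_DS="0"
IG_TCP_CPORTS="22"
IG_UDP_CPORTS=""
EG_TCP_CPORTS="21,25,80,443,43"
EG_UDP_CPORTS="20,21,53"
EOF
}
```

Usage on a real box is `configure_apf /etc/apf/conf.apf`, then `apf -s`, and only after confirming you can still log in, `enable_persist /etc/apf/conf.apf`.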
ZGAN Posted February 8, 2004 Author

Godfather, I put this in a file syn-flood and type chmod 777 synflood; when I then type ./synflood it gives this:

./syn-flood: line 1: IPTABLES: command not found
./syn-flood: line 2: IFACE_INET: command not found
./syn-flood: line 3: IFACE_INT: command not found
./syn-flood: line 5: -N: command not found
./syn-flood: line 6: -A: command not found
./syn-flood: line 7: -A: command not found
./syn-flood: line 8: -A: command not found
./syn-flood: line 9: -A: command not found
./syn-flood: line 11: -A: command not found
./syn-flood: line 12: -A: command not found
./syn-flood: line 13: -A: command not found
./syn-flood: line 14: -A: command not found

Lamer,

/etc/apf/firewall: line 147: /sbin/iptables: No such file or directory
/etc/apf/firewall: line 151: /sbin/iptables: No such file or directory
/etc/apf/firewall: line 162: /sbin/iptables: No such file or directory
/etc/apf/firewall: line 163: /sbin/iptables: No such file or directory
/etc/apf/firewall: line 164: /sbin/iptables: No such file or directory

any easier ideas for me?
Godfather Posted February 8, 2004

Godfather, I put this in a file syn-flood and type chmod 777 synflood; when I then type ./synflood it gives this:
./syn-flood: line 1: IPTABLES: command not found
./syn-flood: line 2: IFACE_INET: command not found
./syn-flood: line 3: IFACE_INT: command not found
...

ZGAN, sorry, the mistake is due to my haste and my being busy with 100 other things (which of course is no excuse). Look above again, I corrected the script: the spaces around the assignments must be removed and the "shebang" line added at the very top.

And another important thing, be careful with the variables, for example on Red Hat: IPTABLES=/sbin/iptables, but on Slackware: IPTABLES=/usr/sbin/iptables

EDIT: I think this is the place to say that setting up firewall rules (in this case iptables) is a dynamic process, and in most cases it is hard to give a "universal cure", or rather things change depending on each new situation. The only thing I can recommend is that everyone who uses such a router/gateway sit down and read a bit more about Netfilter. It is very important to understand correctly what every single rule in the chain does, otherwise the effect may even be negative. For a correct understanding of the rules it is important to know not only the syntax (which can be learned in a few hours) but above all to understand how all the protocols in the TCP/IP family behave (i.e. what happens on the network), otherwise it just doesn't work.
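The two approaches from Godfather's posts (drop the attacker's source address; rate-limit SYNs in a separate chain) plus the path problem from the correction above, as one added example that is not code from the thread. The rules are emitted in iptables-restore format so they can be reviewed before being loaded, and the iptables binary is looked up instead of hard-coded. Everything not in the thread is an assumption of this example: the rate numbers, the use of conntrack and hashlimit (both newer than the 2004 thread; hashlimit gives each source its own SYN budget instead of one global limit that a single flooder can exhaust for everyone), the interface names and the allowed ports, and the 203.0.113.10 attacker address, which is a documentation address used only in the usage comment and test.

```shell
#!/bin/sh
# Added example (not from the thread): generator for a syn-flood ruleset in
# iptables-restore format. Assumed interface names and allowed ports below.

IFACE_INET="${IFACE_INET:-eth1}"     # Internet-facing interface (assumption)
IFACE_INT="${IFACE_INT:-eth0}"       # LAN interface (assumption)
ALLOW_TCP="${ALLOW_TCP:-22 80}"      # inbound TCP ports to serve (assumption)

# The path problem from the thread: do not hard-code /sbin/iptables, look it up.
# Prints the binary path and returns 0, or returns 1 if no iptables is installed.
find_iptables() {
    for p in "$(command -v iptables 2>/dev/null)" /sbin/iptables /usr/sbin/iptables; do
        [ -n "$p" ] && [ -x "$p" ] && { echo "$p"; return 0; }
    done
    return 1
}

# gen_rules [ATTACKER_IP ...] : print the ruleset. Load it with:
#   gen_rules 203.0.113.10 | iptables-restore
# A blanket "-m length --length 0:75 -j DROP" (the idea in the first post) is
# deliberately NOT emitted: a bare TCP ACK is 40 bytes (20 IP + 20 TCP), so
# that rule would kill every TCP connection, not only the flood.
gen_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:syn-flood - [0:0]
EOF
    # 1. The two "simple rules": drop everything from known attacker sources,
    #    before any other rule can accept it.
    for ip in "$@"; do
        printf '%s\n' "-A INPUT -s $ip -j DROP"
        printf '%s\n' "-A FORWARD -s $ip -j DROP"
    done
    # 2. Let existing connections through, so the SYN chain only ever sees
    #    new connection attempts; trust the LAN side.
    cat <<EOF
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $IFACE_INT -j ACCEPT
-A FORWARD -i $IFACE_INT -o $IFACE_INET -j ACCEPT
-A INPUT -i $IFACE_INET -p tcp --syn -j syn-flood
-A FORWARD -i $IFACE_INET -p tcp --syn -j syn-flood
EOF
    # 3. Services: a SYN only reaches these after surviving the syn-flood chain.
    for port in $ALLOW_TCP; do
        printf '%s\n' "-A INPUT -i $IFACE_INET -p tcp --dport $port -j ACCEPT"
    done
    # 4. The chain itself: SYNs within the per-source budget RETURN to the
    #    caller; the excess is logged (the log line itself rate-limited so the
    #    flood cannot fill the disk) and dropped.
    cat <<EOF
-A syn-flood -m hashlimit --hashlimit-name synflood --hashlimit-mode srcip --hashlimit-upto 20/sec --hashlimit-burst 40 -j RETURN
-A syn-flood -m limit --limit 10/min --limit-burst 20 -j LOG --log-prefix "SYN-FLOOD: "
-A syn-flood -j DROP
COMMIT
EOF
}
```

Review the output of `gen_rules` before loading it; with `INPUT` defaulting to DROP, a typo in `ALLOW_TCP` on a remote machine locks you out just as surely as the APF DEVM mistake the other reply warns about.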
ZGAN Posted February 8, 2004 Author

Look above again, I corrected the script: the spaces around the assignments must be removed and the "shebang" line added at the very top.

Mystifying the pantonymics of the paradoxical anthropologics and basing myself on solid fundamental practice, I see that because of your work you haven't managed to fix the script... but why do you think I can edit it... nothing is clear to me, forget it... 2-3 days without net... no big deal
Godfather Posted February 8, 2004

Mystifying the pantonymics of the paradoxical anthropologics and basing myself on solid fundamental practice, I see that because of your work you haven't managed to fix the script... but why do you think I can edit it... nothing is clear to me, forget it... 2-3 days without net... no big deal

Come on ZGAN, you write that you have iptraf, which means you have recorded the IP address of the one flooding you; just cut him off with these two simple rules and that's it (sorry for repeating myself):

iptables -A INPUT -s <dosIP> -j DROP
iptables -A FORWARD -s <dosIP> -j DROP
PQI Posted February 8, 2004

ZGAN, just replace the path that Godfather kindly pointed out and try again. I use APF on the production server, but without any changes to the antidos part. Otherwise, as a firewall it seems to work well so far (I've been using it for about a month now).