Anti DDos Debian 10
Hello Everyone,
For the past few days, my server has been getting DDoS attacks. The bandwidth of the attacks is more than what my ISP can handle. I am creating some firewall rules. If anyone can help me with it, I will really appreciate it. If you know some firewall/iptables rules, please let me know. If you know some anti-DDoS tool which will work, please let me know. I have a few questions, if you can answer them.

1. What ports does CS 1.6 use except 27015 (game port) and 3306 (MySQL)?
2. What should be the recommended rate limit for the UDP and TCP protocols?
3. Does CS 1.6 use the ICMP protocol? If yes, what is the recommended rate limit?
4. What could be the rate limit for TCP SYN?

Below are some of the iptables rules I have already tried, but they did not work.

iptables -I INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p icmp -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 6000:6100 -j ACCEPT
iptables -A INPUT -p udp --dport 27015 -j ACCEPT
iptables -A INPUT -m string --string "HLBrute" --algo kmp -j DROP
iptables -A INPUT -m string --string "HLXBrute" --algo kmp -j DROP
iptables -A INPUT -p udp --dport 27015 -m u32 --u32 "0x19&0xff=0xfe" -j DROP

OS: Debian 10
Re: Anti DDos Debian 10
Below are the rules I've been using. Note that I use xtables with geoip to block connections from other countries. (https://imanudin.net/2020/06/28/how-...oip-on-ubuntu/)
I've noticed that my server was receiving valid HL packets from servers from around the world. I think that someone was able to use HL servers to attack other HL servers (Reflected DoS). Hope it helps.

# Allow Gametracker inbound
-A INPUT -s 208.167.241.187/32 -p udp -j ACCEPT
-A INPUT -s 108.61.78.150/32 -p udp -j ACCEPT
-A INPUT -s 108.61.78.149/32 -p udp -j ACCEPT
-A INPUT -s 149.28.43.230/32 -p udp -j ACCEPT
-A INPUT -s 45.77.96.90/32 -p udp -j ACCEPT
# Accept only Brazil IPs
-A INPUT -p udp -m geoip ! --source-country BR -j DROP
# Accept UDP DNS
-A INPUT -s DNSIP/32 -p udp -m udp --sport 53 -j ACCEPT
-A INPUT -s DNSIP/32 -p udp -m udp --sport 53 -j ACCEPT
# Accept SSH
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
# Block fragmented packets
-A INPUT -f -j DROP
# Accept UDP connections to 27015 with extra steps* This is important
-A INPUT -p udp -m udp --dport 27015 -m multiport --sports 1024:1899,1901:2061,2063:3088,3090:5352,5354:7129,7131:27014,27016:65535 -m state --state NEW -m hashlimit --hashlimit-upto 1/sec --hashlimit-burst 3 --hashlimit-mode srcip,dstport --hashlimit-name UDPDOSPROTECT --hashlimit-htable-max 999999999 --hashlimit-htable-expire 60000 -m length --length 28:150 -m ttl --ttl-lt 200 -j ACCEPT
# Block no states packets (This is for TCP only)
-A INPUT -m state --state INVALID -j DROP
# Accept already established connections (also TCP only)
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# Block anything else
-A INPUT -i eth0 -j DROP
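An added example, not part of the post above or of any project's code: a simplified Python model of the UDP 27015 ACCEPT rule, run over constructed packets to show which ones it lets through. It assumes every packet is in conntrack state NEW and treats hashlimit as a plain token bucket; `Packet`, `Rule`, `run` and `SAMPLE` are hypothetical names.

```python
# Simplified model of the post's UDP 27015 ACCEPT rule (added illustration).
# Assumes every packet is conntrack state NEW; all packets are constructed.
from dataclasses import dataclass

# Source-port ranges copied from the rule's --sports list.
SPORT_RANGES = [(1024, 1899), (1901, 2061), (2063, 3088), (3090, 5352),
                (5354, 7129), (7131, 27014), (27016, 65535)]
RATE_PER_SEC, BURST = 1.0, 3.0      # --hashlimit-upto 1/sec --hashlimit-burst 3

@dataclass
class Packet:
    t: float        # arrival time in seconds
    src: str
    sport: int
    ip_len: int     # total IP length, which is what the length match compares
    ttl: int
    dport: int = 27015

class Rule:
    def __init__(self):
        self.buckets = {}           # (srcip, dstport) -> (tokens, last_seen)

    def _hashlimit(self, p):
        tokens, last = self.buckets.get((p.src, p.dport), (BURST, p.t))
        tokens = min(BURST, tokens + (p.t - last) * RATE_PER_SEC)
        ok = tokens >= 1.0
        self.buckets[(p.src, p.dport)] = (tokens - 1.0 if ok else tokens, p.t)
        return ok

    def accepts(self, p):
        # Matches run in rule order and stop at the first miss, so the
        # bucket is charged before length and TTL are looked at.
        if not any(lo <= p.sport <= hi for lo, hi in SPORT_RANGES):
            return False
        if not self._hashlimit(p):
            return False
        return 28 <= p.ip_len <= 150 and p.ttl < 200

def run(packets):
    rule = Rule()
    return [rule.accepts(p) for p in packets]

# Constructed traffic (documentation addresses): one player packet, a burst of
# six from one source, one packet sourced from port 27015, one late packet.
SAMPLE = [Packet(0.0, "198.51.100.7", 27005, 60, 116)] + \
         [Packet(1.0 + i / 10, "203.0.113.9", 40000, 60, 52) for i in range(6)] + \
         [Packet(2.0, "192.0.2.44", 27015, 120, 110),
          Packet(5.0, "203.0.113.9", 40000, 60, 52)]
```

Packets the model rejects fall through to the later rules in the chain and, while still NEW, reach the final DROP. Because hashlimit sits before the length and TTL matches, packets that fail those later checks still use up that source's burst.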
Re: Anti DDos Debian 10
Quote:
The rule repeats and has an unknown term, DNSIP?
Re: Anti DDos Debian 10
FAIL2BAN
Re: Anti DDos Debian 10
On a cheap VPS it is part of the cost of doing business. Be sure to maintain a good relationship with your provider. On a dedicated line my FAIL2BAN is never past 0.3 CPU on what I consider stone-age hardware and active ddos. Just a single core.
Their homepage mission statement: Quote:
Quote:
|- Currently banned: 95
|- Total banned: 1431