Basic DDOS protection to your Ubuntu server

Automicbomb · **Author**

NOTE!! THIS ONLY WORKS ON DEDICATED/VPS SERVER WHERE YOU HAVE ROOT ACCESS

So i found out that you can make basic ddos protection to your server using iptables. It wont crash or anything. It just gives 0,5sec lag spike and all is fine again

Code:

 iptables -I INPUT -p tcp --dport <your port> -i eth0 -m state --state NEW -m recent --set
iptables -I INPUT -p tcp --dport <your port> -i eth0 -m state --state NEW -m recent --update --hitcount 10 -j DROP

Use that and you are good to go.

Basicly it does the following:
1. Attacker start to DOS(h) your server
2. iptables checks the ip
3. 10 times connected in certain ammount of time = CONNECTION TERMINATED

DoPe^ · 09-13-2013 , 09:44 Re: Basic DDOS protection to your Ubuntu server

https://forums.alliedmods.net/showthread.php?t=166037
https://forums.alliedmods.net/showthread.php?t=165560

;)

Dravu · 09-13-2013 , 14:43 Re: Basic DDOS protection to your Ubuntu server

How useful would this be? The vast majority of DDOS attacks are UDP-based and either use reflection attacks or spoof all of the addresses. These rules would only stop a very small subset of attacks from a single source.

404UserNotFound · *Last edited by 404UserNotFound; 09-14-2013 at 00:13.*

Wow, this is good for me to know seeing as I run an Ubuntu 12.04 dedi. Do you just input these commands as root through PuTTY?

Only question I have is what do I enter for "<your port>"

EDIT: Oh wait, it'd obviously be the port for my server, so if I had more than one server, I'd do the command once for each server.

marcintojatak · *Last edited by marcintojatak; 09-18-2013 at 07:01.*

Quote:

Originally Posted by abrandnewday

Wow, this is good for me to know seeing as I run an Ubuntu 12.04 dedi. Do you just input these commands as root through PuTTY?

Only question I have is what do I enter for "<your port>"

EDIT: Oh wait, it'd obviously be the port for my server, so if I had more than one server, I'd do the command once for each server.

https://forums.alliedmods.net/showpo...46&postcount=3

&

small program but its work.you memory & cpu is more free because atacker dont conect
to yours srv

http://forums.alliedmods.net/showthread.php?t=163467 <--fail2ban tutorial

just install fail2ban and srcdsdos.conf & configure jail.conf to yours port

where is XX add yours game srv port

[srcdsdos]
enabled = true
port = 270XX,270XX,270XX,270XX,270XX,270XX,270XX,270 XX,270XX,270XX,270XX,270XX,270XX,270XX #put your SRCDS ports in here
protocol = udp
filter = srcdsdos
logpath = /var/log/messages.log
maxretry = 3
bantime = 6000

in link fail2ban is cfg jail.conf

Zephyrus · 09-18-2013 , 13:39 Re: Basic DDOS protection to your Ubuntu server

THIS IS NOT DDOS PROTECTION

marcintojatak · *Last edited by marcintojatak; 09-18-2013 at 14:27.*

Quote:

Originally Posted by Zephyrus

THIS IS NOT DDOS PROTECTION

if not try atack my srv ddos atack

91.121.177.54:27015
the picture show only ban ssh maybe you don know what you say but dont read all post

this program fail2ban is ddos protector & read about him meany otcher things protect just configurate him

bots net is not even trying to connect to him if IP is blocked once

Zephyrus tell me what this program is but you meabe got own bot net and you dont have acces to vps
or dedi when fail2ban is installed

user will decide whether the program helps protect the server

see in the logs if and how it helps

i have debian 7.1 and for me is useful and
i recommended him to any other users and css players

Zephyrus · 09-18-2013 , 14:16 Re: Basic DDOS protection to your Ubuntu server

ddos works be overloading your network and its mostly done through UDP not TCP... also the bots dont give a damn if you refuse their connection they just send the packets even when the machine is down to keep it down... maybe you have no idea what DDOS really is....

marcintojatak · *Last edited by marcintojatak; 09-18-2013 at 15:04.*

Quote:

Originally Posted by Zephyrus

ddos works be overloading your network and its mostly done through UDP not TCP... also the bots dont give a damn if you refuse their connection they just send the packets even when the machine is down to keep it down... maybe you have no idea what DDOS really is....

try or wrihgt to person what meabe have bot net

meany dedi vps and other machine not secure ar conect to one powerfull virtal machine is zed zet idnt reamemer name of program administration all machines plug in one powerfull and atack a one IP.and suspended machine to be re-directed computing power.overflow idont remember.i configure fail2ban to upd ports are secure

[srcdsdos]
enabled = true
port = XXX,XXX,XXX#put your SRCDS ports in here
protocol = udp <--Zephyrus read

filter = srcdsdos
logpath = /var/log/messages.log
maxretry = 3
bantime = 6000

i paste a small line of cfg

that dont all

Zephyrus try suspended game srv or dedi ok.i whight if server is offline

i must translate to polish and Wright to you on English.but on polish i will Wright This may take a few minutes but you are Hungarian rnglish is not yours home language.

nie pierdol ulungu zapyzialy ze się tak znasz odpowiedział bys na pytanie zadane przez innego użytkownika a nie się madrzyl ze ktoś się nie zna nie urzywasz programu ja wiem ze jest dobry i blokuje co trzeba po uprzednim skonfigurowaniu go.jeb się do dupy stary geju

users will now if install.helps or not try it and you will know

DoPe^ · 09-18-2013 , 14:52 Re: Basic DDOS protection to your Ubuntu server

Zephyrus, just forget talking with this guy :p he thinks he knows everything and you won't reason with him.
A little example can be found here https://forums.alliedmods.net/showthread.php?t=225534