No it's not.

We are talking about UDP reflections from multiple thousands of hosts...

Nothing would ever match your rules (TCP).

On 11/01/2013 22.54, Jake Forrester wrote:
> I know this is a little late, but here's an iptables rule I use to help
> against DDoS attacks.  You'll probably need to have two--one for UDP and
> one for TCP if it's a DNS type of attack.
>
> # allow only 8 req/sec per IP
> -A INPUT -p tcp -m state --state NEW -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m recent --set --name SYNFLOOD --rsource
> -A INPUT -p tcp -m state --state NEW -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m recent --update --seconds 1 --hitcount 8 --name SYNFLOOD --rsource -j DROP
>
> Not sure if this is the type of solution you're looking for, but it
> couldn't hurt.
>
> - rann
>
> On 1/11/2013 12:40 PM, John wrote:
>> The solution that gamead...@127001.org gave was correct. For DNS DRDoS
>> reflection attacks, the best plan is to have your upstream apply an
>> ACL that whitelists the couple of DNS servers that you use and blocks
>> all other traffic from port 53 to your network. Your ISP should be
>> able to do this for little or no cost. Null-routing is not usually
>> required for this type of attack unless your upstream's overall
>> network capacity is less than 10G.
>>
>> DNS DRDoS attacks are one of the most common and easiest (thankfully)
>> types to filter. Other DRDoS attacks can be a little harder to filter,
>> and there are non-reflected attacks that are yet more difficult to
>> block, requiring advanced string-matching rules upstream or other
>> specialized techniques.
>>
>> -John
>>
>> On 1/11/2013 4:09 AM, ics wrote:
>>> Most of us have experienced DDoS attacks like that and yes,
>>> nullrouting is the only protection, so the whole network isn't
>>> affected. There is no protection against that without paying huge
>>> sums of money. Those are not an option to small communities.
>>>
>>> -ics
>>>
>>> ----- Original message -----
>>>> We've had incoming DNS query reply attacks over several Gbit/sec. Any
>>>> non-pro gaming community like ours can't defend against such floods of
>>>> data.
>>>>
>>>> All you can do is have your IPs null-routed and wait till the attack
>>>> dies out.
>>>>
>>>> Saint K.
>>>> ________________________________________
>>>> From: hlds_linux-boun...@list.valvesoftware.com
>>>> [hlds_linux-boun...@list.valvesoftware.com] On Behalf Of Sachin Sud
>>>> [sudsac...@gmail.com]
>>>> Sent: 11 January 2013 11:42
>>>> To: Half-Life dedicated Linux server mailing list
>>>> Subject: Re: [hlds_linux] Servers get attacked via DDoS
>>>>
>>>> @127001 ( Some Pin code) .Orrgy
>>>> Do I really care?
>>>> It's better you start protecting your servers before it's too late!
>>>> Don't waste your time! :)
>>>>
>>>> On Fri, Jan 11, 2013 at 4:06 PM, <gamead...@127001.org> wrote:
>>>>
>>>>> Just because they're well known doesn't make them immune to
>>>>> configuration cockups... one solution might be to get your host to
>>>>> firewall all incoming from port 53 except for stuff coming from your
>>>>> hosts' DNS servers (or google's, or whoever) - that won't help if the
>>>>> bandwidth is going to overwhelm your host's core router, but it WILL
>>>>> help in cases where it's flooding out your uplink
>>>>>
>>>>> @Sachin Sud:
>>>>>
>>>>> Perhaps you could actually be constructive? Despite saying you didn't
>>>>> want to spam the list, your two contributions have been "lol" and a
>>>>> post that essentially says "I think your approach is wrong but I'm not
>>>>> going to give any details whatsoever"
>>>>>
>>>>>> -----Original Message-----
>>>>>> From: hlds_linux-boun...@list.valvesoftware.com [mailto:hlds_linux-
>>>>>> boun...@list.valvesoftware.com] On Behalf Of Marco Padovan
>>>>>> Sent: 11 January 2013 10:32
>>>>>> To: hlds_linux@list.valvesoftware.com
>>>>>> Subject: Re: [hlds_linux] Servers get attacked via DDoS
>>>>>>
>>>>>> yes, the attack is exactly that...
>>>>>>
>>>>>> but those are not just "broken dns", I even saw some *well known* IT
>>>>>> names among the "attackers".
>>>>>>
>>>>>> On 11/01/2013 11.16, Arnim Eijkhoudt wrote:
>>>>>>> Haha,
>>>>>>>
>>>>>>> I hope you're joking. Almost none of your questions are remotely
>>>>>>> relevant to this type of attack. DNS reflection attacks can only be
>>>>>>> effectively mitigated upstream. The structural solution,
>>>>>>> unfortunately, is educating/informing the admins of the broken DNS
>>>>>>> servers (short of just bluntly increasing the bandwidth capacity of
>>>>>>> the affected server(s) and 'sitting it out').
>>>>>>>
>>>>>>> See also: http://blog.cloudflare.com/65gbps-ddos-no-problem
>>>>>>>
>>>>>>> €0,02
>>>>>>>
>>>>>>> On 11-1-2013 10:52, Sachin Sud wrote:
>>>>>>>> My intentions are not to spam this mail list.
>>>>>>>> But if you guys are comfortable, you need to answer a few questions
>>>>>>>> by which I can help you better to get saved from DDoS attacks.
>>>>>>>>
>>>>>>>> Which country are you from?
>>>>>>>> How many game servers do you host?
>>>>>>>> How often does the attack happen?
>>>>>>>> Is it specific to any particular game?
>>>>>>>> Which OS do you have on the server?
>>>>>>>> What kind of firewall do you use, in case you use any?
>>>>>>>> And last question: how much money do you spend monthly on servers?
>>>>>>>> (Based on your location, I can recommend some DDoS protection if required.)
>>>>>>>>
>>>>>>>> Thanks,
>>>>>>>> Sachin
>>>>>>> _______________________________________________
>>>>>>> To unsubscribe, edit your list preferences, or view the list archives,
>>>>>>> please visit:
>>>>>>> https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux
>>>>>
>>>>
>>
>
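
As an added example (not code from any poster in this thread), the Python below models the two policies discussed above over constructed flow records: the quoted SYNFLOOD rules, which only ever see TCP SYNs, and the upstream "source port 53 allowlist" ACL suggested by gamead...@127001.org and John. Everything in it is an assumption for the sample: the resolver addresses (192.0.2.53, 198.51.100.53, RFC 5737 documentation ranges), the reflector range (100.64.0.0/10), the packet sizes and counts, and the names `Packet`, `syn_rate_limit_drops` and `port53_allowlist_drops`, which are chosen here and are not iptables terms.

```python
# Added example (not from any post in this thread): model of why the quoted
# per-source TCP SYN limit never touches a UDP DNS reflection flood, versus a
# source-port-53 allowlist applied upstream. All addresses and sizes are
# constructed sample data (RFC 5737 / RFC 6598 ranges), not real traffic.
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    proto: str         # "tcp" or "udp"
    src: str           # source IPv4 address
    sport: int         # source port
    dport: int         # destination port
    length: int        # bytes on the wire
    ts: float          # arrival time in seconds
    syn: bool = False  # TCP SYN without ACK, i.e. a new connection attempt


# Hypothetical: the two resolvers this site actually queries.
ALLOWED_RESOLVERS = frozenset({"192.0.2.53", "198.51.100.53"})
GAME_PORT = 27015  # Source engine default server port


def make_reflection_flood(n_reflectors, per_host=3, reply_len=3000):
    """Constructed sample: n_reflectors open resolvers each send a few large
    DNS replies (source port 53) at the game port. Each reflector only sends
    `per_host` packets, so no per-IP threshold is ever reached."""
    pkts = []
    for i in range(n_reflectors):
        src = f"100.64.{(i // 256) % 256}.{i % 256}"
        for k in range(per_host):
            pkts.append(Packet("udp", src, 53, GAME_PORT, reply_len, 0.001 * i + 0.3 * k))
    return pkts


def make_legit_traffic():
    """Constructed sample: one real DNS reply from an allowed resolver and a
    handful of ordinary game packets from players."""
    pkts = [Packet("udp", "192.0.2.53", 53, 41000, 120, 0.5)]
    for i in range(5):
        pkts.append(Packet("udp", f"203.0.113.{10 + i}", 50000 + i, GAME_PORT, 64, 0.1 * i))
    return pkts


def make_syn_flood(n=20, src="203.0.113.99"):
    """Constructed sample: one host opening many TCP connections within a
    second, the case the quoted SYNFLOOD rules are written for."""
    return [Packet("tcp", src, 40000 + i, 22, 60, 0.01 * i, syn=True) for i in range(n)]


def syn_rate_limit_drops(packets, hitcount=8, window=1.0):
    """Model of the quoted rules: every new TCP SYN is recorded for its source
    (--set), then dropped if that source now has `hitcount` or more SYNs
    within `window` seconds (--update --seconds 1 --hitcount 8). Non-TCP and
    non-SYN packets never reach the match, exactly like `-p tcp` in iptables."""
    history = defaultdict(list)
    dropped = []
    for p in sorted(packets, key=lambda x: x.ts):
        if p.proto != "tcp" or not p.syn:
            continue
        recent = [t for t in history[p.src] if p.ts - t <= window]
        recent.append(p.ts)
        history[p.src] = recent
        if len(recent) >= hitcount:
            dropped.append(p)
    return dropped


def port53_allowlist_drops(packets, allowed=ALLOWED_RESOLVERS):
    """Model of the upstream ACL discussed in the thread: drop UDP whose source
    port is 53 unless it comes from a resolver the site actually uses."""
    return [p for p in packets
            if p.proto == "udp" and p.sport == 53 and p.src not in allowed]


def summarize(packets, dropped):
    """Packets/bytes removed by a policy and how many distinct sources it hit."""
    return {
        "packets_total": len(packets),
        "bytes_total": sum(p.length for p in packets),
        "packets_dropped": len(dropped),
        "bytes_dropped": sum(p.length for p in dropped),
        "sources_dropped": len({p.src for p in dropped}),
    }


def compare_policies(packets):
    """Run both policies over the same traffic and return their summaries."""
    return {
        "syn_rate_limit": summarize(packets, syn_rate_limit_drops(packets)),
        "port53_allowlist": summarize(packets, port53_allowlist_drops(packets)),
    }


if __name__ == "__main__":
    traffic = make_reflection_flood(3000) + make_legit_traffic() + make_syn_flood()
    for name, stats in compare_policies(traffic).items():
        print(name, stats)
```

Running it shows the SYN limiter dropping 13 of the 20 SYNs from the single connection-flooding host and nothing at all from the 9000 reflected replies, while the port-53 allowlist drops all 9000 replies (27 MB from 3000 distinct sources) and leaves the genuine reply from an allowed resolver and the game traffic untouched. As the thread already notes, a filter on the host only helps while the uplink itself is not saturated, which is why the ACL belongs at the upstream provider.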

