Linux.com

duynguyen


  • Linux.com Member
  • Posts: 4
  • Member Since: 28 Nov 09
  • Last Logged In: 02 Dec 09

Latest Posts

  • duynguyen
    RE: Help me. My server is attacked DDoS
    Link to this post 01 Dec 09

    Hi mfillpot,
    This is my config for iptables

    #!/bin/sh
    ######## iptables_Firewall.sh script (the shebang has to be the first line of the file)
    IPTABLES=/sbin/iptables

    ######### Init values
    INTERNAL_INTERFACE="eth5"
    INTERNAL_ADDR="192.168.1.10"
    EXTERNAL_INTERFACE="eth4"
    EXTERNAL_ADDR="222.255.237.87"

    ######### Pre-config
    $IPTABLES -F FORWARD ## reset FORWARD chain
    $IPTABLES -F INPUT ## reset INPUT chain
    $IPTABLES -F OUTPUT ## reset OUTPUT chain
    $IPTABLES -P FORWARD DROP ## Default FORWARD chain is DROP
    $IPTABLES -P OUTPUT ACCEPT ## Default OUTPUT chain is ACCEPT (was misspelled "OUPUT", which iptables rejects)
    $IPTABLES -P INPUT DROP ## Default INPUT chain is DROP

    ######## Rules

    $IPTABLES -A INPUT -p icmp -j ACCEPT

    ## Rate-limited echo-request rule, currently disabled; the option is --icmp-type (two dashes)
    #$IPTABLES -A INPUT -i $EXTERNAL_INTERFACE -p icmp --icmp-type echo-request -m limit --limit 5/s -j ACCEPT


    ## Drop all ips DOS
    $IPTABLES -A INPUT -i $EXTERNAL_INTERFACE -s 58.186.103.244 -d $EXTERNAL_ADDR -j DROP
    $IPTABLES -A INPUT -i $EXTERNAL_INTERFACE -s 222.255.77.119 -d $EXTERNAL_ADDR -j DROP
    $IPTABLES -A INPUT -i $EXTERNAL_INTERFACE -s 58.186.217.54 -d $EXTERNAL_ADDR -j DROP

    ## Permit these UDP ports (accept while under 4 packets/s)

    $IPTABLES -A INPUT -i $EXTERNAL_INTERFACE -s 0/0 -d $EXTERNAL_ADDR -p udp --dport 5060 -m limit --limit 4/s -j ACCEPT
    $IPTABLES -A INPUT -i $EXTERNAL_INTERFACE -s 0/0 -d $EXTERNAL_ADDR -p udp --dport 5080 -m limit --limit 4/s -j ACCEPT
    $IPTABLES -A INPUT -i $EXTERNAL_INTERFACE -s 0/0 -d $EXTERNAL_ADDR -p udp --dport 53 -m limit --limit 4/s -j ACCEPT

    ## Note: this catch-all accepts every UDP packet the limit rules above did not match,
    ## including the packets that exceeded 4/s, so the limits above have no effect
    $IPTABLES -A INPUT -i $EXTERNAL_INTERFACE -s 0/0 -d $EXTERNAL_ADDR -p udp -j ACCEPT


    ## Permit SSH
    $IPTABLES -A INPUT -p tcp --dport 22 -j ACCEPT
    $IPTABLES -A INPUT -i lo -p all -j ACCEPT

    ## Internal interface : Permit all
    $IPTABLES -A INPUT -i $INTERNAL_INTERFACE -s 0/0 -p all -j ACCEPT

    Please help me include your script into it for anti-DoS. Every time this script is run, it will reset iptables.
    Please note: in Log_dos.txt, the DoS IPs are the IPs which request more than 5 times per second. Log_dos.txt is a partial copy of /var/log/message. We will write a script to filter the DoS IPs based on the message file. This file is very large, so we will use tail -n 500 /var/log/message instead. Please help.

    Thank you very much.
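A script of the kind asked for above, added here as an example; it is not the poster's script and not the command mfillpot posted. It assumes the log lines are syslog-formatted entries written by an iptables LOG rule, so each hit carries a "SRC=<ip>" field (the poster's log file is not on the page, so the sample lines are constructed with RFC 5737 documentation addresses); it uses the poster's definition of a DoS source (more than 5 hits from one address within one second); the chain name DOS_BLOCK and the default path /var/log/messages (the usual name of the file the poster calls /var/log/message) are choices made here.

```shell
#!/bin/sh
# Added example for this thread (not the poster's script, not mfillpot's command).
# Assumptions: /var/log/messages holds syslog-formatted lines written by an
# iptables LOG rule, so every hit carries a "SRC=<ip>" field; the chain name
# DOS_BLOCK is chosen here; the sample addresses below are constructed.
set -u

IPTABLES=${IPTABLES:-/sbin/iptables}
CHAIN=DOS_BLOCK
THRESHOLD=5          # "more than 5 requests per second", as the poster defined it

# find_dos_ips [threshold]: read log lines on stdin and print each source IP that
# appears more than <threshold> times within any single one-second timestamp.
# Each IP is printed once, in the order it first crossed the threshold.
find_dos_ips() {
    awk -v thr="${1:-$THRESHOLD}" '
        {
            # syslog prefix is "Mon dd HH:MM:SS host ..."; the first three
            # fields identify the second the line was logged in
            ts = $1 " " $2 " " $3
            ip = ""
            for (i = 4; i <= NF; i++)
                if ($i ~ /^SRC=/) { ip = substr($i, 5); break }
            if (ip == "") next            # not an iptables LOG line, skip it
            count[ts, ip]++
            if (count[ts, ip] > thr && !(ip in flagged)) {
                flagged[ip] = 1
                print ip
            }
        }'
}

# dos_rules [threshold]: print the iptables commands that block_dos_ips would
# run, one per line, so they can be reviewed before anything is changed.
dos_rules() {
    find_dos_ips "$@" | while read -r ip; do
        printf '%s -A %s -s %s -j DROP\n' "$IPTABLES" "$CHAIN" "$ip"
    done
}

# block_dos_ips [threshold]: rebuild the DOS_BLOCK chain from the log lines on
# stdin and make sure INPUT jumps to it first. Keeping the blocks in their own
# chain means the firewall script, which flushes INPUT on every run, only has
# to re-add one jump rule instead of every blocked address.
block_dos_ips() {
    "$IPTABLES" -N "$CHAIN" 2>/dev/null || "$IPTABLES" -F "$CHAIN"
    "$IPTABLES" -C INPUT -j "$CHAIN" 2>/dev/null || "$IPTABLES" -I INPUT 1 -j "$CHAIN"
    find_dos_ips "$@" | while read -r ip; do
        "$IPTABLES" -A "$CHAIN" -s "$ip" -j DROP
    done
}

# Constructed sample of what the tail of /var/log/messages is assumed to look like:
# 198.51.100.7 sends 6 packets within the 10:15:32 second (over the limit),
# 203.0.113.9 sends 3 per second for two seconds (6 in total, never more than
# 5 in one second), and one sshd line carries no SRC= field at all.
sample_log() {
    cat <<'EOF'
Dec  1 10:15:32 voip kernel: IN=eth4 OUT= SRC=198.51.100.7 DST=222.255.237.87 PROTO=UDP DPT=5060
Dec  1 10:15:32 voip kernel: IN=eth4 OUT= SRC=203.0.113.9 DST=222.255.237.87 PROTO=UDP DPT=5060
Dec  1 10:15:32 voip kernel: IN=eth4 OUT= SRC=198.51.100.7 DST=222.255.237.87 PROTO=UDP DPT=5060
Dec  1 10:15:32 voip sshd[2231]: Accepted publickey for admin from 192.168.1.20 port 50022 ssh2
Dec  1 10:15:32 voip kernel: IN=eth4 OUT= SRC=198.51.100.7 DST=222.255.237.87 PROTO=UDP DPT=5060
Dec  1 10:15:32 voip kernel: IN=eth4 OUT= SRC=203.0.113.9 DST=222.255.237.87 PROTO=UDP DPT=5060
Dec  1 10:15:32 voip kernel: IN=eth4 OUT= SRC=198.51.100.7 DST=222.255.237.87 PROTO=UDP DPT=5060
Dec  1 10:15:32 voip kernel: IN=eth4 OUT= SRC=198.51.100.7 DST=222.255.237.87 PROTO=UDP DPT=5060
Dec  1 10:15:32 voip kernel: IN=eth4 OUT= SRC=203.0.113.9 DST=222.255.237.87 PROTO=UDP DPT=5060
Dec  1 10:15:32 voip kernel: IN=eth4 OUT= SRC=198.51.100.7 DST=222.255.237.87 PROTO=UDP DPT=5060
Dec  1 10:15:33 voip kernel: IN=eth4 OUT= SRC=203.0.113.9 DST=222.255.237.87 PROTO=UDP DPT=5060
Dec  1 10:15:33 voip kernel: IN=eth4 OUT= SRC=203.0.113.9 DST=222.255.237.87 PROTO=UDP DPT=5060
Dec  1 10:15:33 voip kernel: IN=eth4 OUT= SRC=203.0.113.9 DST=222.255.237.87 PROTO=UDP DPT=5060
Dec  1 10:15:33 voip kernel: IN=eth4 OUT= SRC=198.51.100.7 DST=222.255.237.87 PROTO=UDP DPT=5060
EOF
}

# "run" applies the blocks, "preview" only prints them, "demo" uses the sample above.
case "${1:-}" in
    run)     tail -n 500 "${LOGFILE:-/var/log/messages}" | block_dos_ips ;;
    preview) tail -n 500 "${LOGFILE:-/var/log/messages}" | dos_rules ;;
    demo)    sample_log | dos_rules ;;
    *)       ;;
esac
```

To run it every 5 minutes as asked, a cron line such as `*/5 * * * * /usr/local/sbin/dos_block.sh run` (path chosen here) is enough; `dos_block.sh preview` shows what would be added without touching the firewall. Two things to keep in mind: the firewall script above flushes INPUT on every run, so it should re-add `$IPTABLES -I INPUT -j DOS_BLOCK` right after its flush or the blocks are bypassed until the next cron run; and nothing reaches /var/log/messages unless some rule actually logs the traffic (an iptables `-j LOG` rule), which the posted firewall script does not have. `iptables -C` (rule check) needs iptables 1.4.11 or newer; on an older build, replace that line with an unconditional `-I INPUT 1 -j "$CHAIN"` after the flush.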

  • duynguyen
    RE: Help me. My server is attacked DDoS
    Link to this post 01 Dec 09

    Thank you very much. I will try to work.

  • duynguyen
    RE: Help me. My server is attacked DDoS
    Link to this post 30 Nov 09

    You wrote a command, but it only has the IPs from the log file. Can you help me add the DDoS IPs to the iptables file?

  • duynguyen
    Help me. My server is attacked DDoS
    Link to this post 28 Nov 09

    I want to write a script to use as anti-DDoS, but I'm a newbie and I can't do it.
    I have a log file http://www.mediafire.com/?yz2njlm0kzj . I want to read a DDoS IP address from the log file, and after that I want to add that IP to the firewall. I can do it by hand, but I want a script that can autorun every 5 min on my server.

    Thanks.
