Jump to content
Search In
  • More options...
Find results that contain...
Find results in...



#0
Guest

User Menu


Sign In

Sign In



Sign Up

Forum Menu


Register now to gain access to all of our features. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more. If you already have an account, login here - otherwise create an account for free today!

Sign in to follow this  
nevadies

Free DDOS Protection!! Linux ONLY

Recommended Posts

T
O
P
I
C

S
T
A
R
T
E
R

I was going to sell this. But I have decided to leave the wow EMU scene. If you need assistance on this my discord is WiFi-404Verified#2160

 

if you need more settings and Kernal setting Pm me on discord! DO NOT PM me with wow-Related question's. Only pm me about Linux stuff.

 

Nodaways seems that every script kid is able to produce a soft DDOS attack, 
happily they are small and limited so they cant saturate your DNS unless
they really know what they are doing. So lets Build some rules that will
no longer allow a "Web Booter" to knock your server Offline!

lets edit Ip tables first this way we can Stop, all known attacks for a 
short time, until it is blocked by out Table rules!

iptables -I INPUT -p tcp --dport 80 -m state --state NEW -m recent --set
iptables -I INPUT -p tcp --dport 80 -m state --state NEW -m recent --update --seconds 20 --hitcount 5 -j DROP




----Now Lets stop Invalid packets

iptables -t mangle -A PREROUTING -m conntrack --ctstate INVALID -j DROP


Now lets block those Bullshit packets that "skids" Find on pastebin to attack
your servers with

iptables -t mangle -A PREROUTING -p tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP 
iptables -t mangle -A PREROUTING -p tcp --tcp-flags FIN,SYN FIN,SYN -j DROP 
iptables -t mangle -A PREROUTING -p tcp --tcp-flags SYN,RST SYN,RST -j DROP 
iptables -t mangle -A PREROUTING -p tcp --tcp-flags FIN,RST FIN,RST -j DROP 
iptables -t mangle -A PREROUTING -p tcp --tcp-flags FIN,ACK FIN -j DROP 
iptables -t mangle -A PREROUTING -p tcp --tcp-flags ACK,URG URG -j DROP 
iptables -t mangle -A PREROUTING -p tcp --tcp-flags ACK,FIN FIN -j DROP 
iptables -t mangle -A PREROUTING -p tcp --tcp-flags ACK,PSH PSH -j DROP 
iptables -t mangle -A PREROUTING -p tcp --tcp-flags ALL ALL -j DROP 
iptables -t mangle -A PREROUTING -p tcp --tcp-flags ALL NONE -j DROP 
iptables -t mangle -A PREROUTING -p tcp --tcp-flags ALL FIN,PSH,URG -j DROP 
iptables -t mangle -A PREROUTING -p tcp --tcp-flags ALL SYN,FIN,PSH,URG -j DROP 
iptables -t mangle -A PREROUTING -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP




Next Lets Block those Spoofed Servers People Buy Now days

iptables -t mangle -A PREROUTING -s 224.0.0.0/3 -j DROP 
iptables -t mangle -A PREROUTING -s 169.254.0.0/16 -j DROP 
iptables -t mangle -A PREROUTING -s 172.16.0.0/12 -j DROP 
iptables -t mangle -A PREROUTING -s 192.0.2.0/24 -j DROP 
iptables -t mangle -A PREROUTING -s 192.168.0.0/16 -j DROP 
iptables -t mangle -A PREROUTING -s 10.0.0.0/8 -j DROP 
iptables -t mangle -A PREROUTING -s 0.0.0.0/8 -j DROP 
iptables -t mangle -A PREROUTING -s 240.0.0.0/5 -j DROP 
iptables -t mangle -A PREROUTING -s 127.0.0.0/8 ! -i lo -j DROP




Now lets block pings, this way the attack cant see if he got anywhere
with his attacks!

iptables -t mangle -A PREROUTING -p icmp -j DROP
iptables -A INPUT -p tcp -m connlimit --connlimit-above 80 -j REJECT --reject-with tcp-reset
iptables -A INPUT -p tcp -m conntrack --ctstate NEW -m limit --limit 60/s --limit-burst 20 -j ACCEPT 
iptables -A INPUT -p tcp -m conntrack --ctstate NEW -j DROP






Now lets stop the HARDEST attack. This will limit the SYN to 2r/s

iptables -t mangle -A PREROUTING -f -j DROP
iptables -A INPUT -p tcp --tcp-flags RST RST -m limit --limit 2/s --limit-burst 2 -j ACCEPT 
iptables -A INPUT -p tcp --tcp-flags RST RST -j DROP



Lets even set up a Proxy to handle all the SYN that gets past this limit!
Aka the Bypass methods

iptables -t raw -A PREROUTING -p tcp -m tcp --syn -j CT --notrack 
iptables -A INPUT -p tcp -m tcp -m conntrack --ctstate INVALID,UNTRACKED -j SYNPROXY --sack-perm --timestamp --wscale 7 --mss 1460 
iptables -A INPUT -m conntrack --ctstate INVALID -j DROP



now lets also block abnormal Segment sizes

iptables -t mangle -A PREROUTING -p tcp -m conntrack --ctstate NEW -m tcpmss ! --mss 536:65535 -j DROP



Check ip that attacks
netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n


Here we will install a program called DSniff
apt-get install dsniff

Now lets kill the Ip that is attacking

tcpkill host  ip

Now lets make it so that IP can NEVER attack again
We have to install a program called Cutter for this

apt-get install cutter

now lets run cutter

cutter


NOW when you restart as of now the (Attacker) can just attack again.
So lets make it save the "Banned Ips" on restart

iptables-save > /etc/iptables.up.rules
iptables-restore < /etc/iptables.up.rules



Now Lets edit your Kernel.
My Kernel settings are No longer included.
 
                                         
                                         
                                         
                                         IF YOU FIND THIS ON ANY OTHER EMU WEBSITE OTHER THAN MMO-SOCIETY PLEASE PM ME ON DISCORD!









i have successfully mitigated DDoS attacks that peaked at multiple million packets per second using these rules.
i cant even down a Time4VPS server which has NO ddos Protextion with 912 gbps

 

 

 

 

 

Edited by nevadies

Share this post


Link to post
Share on other sites
Posted (edited)

Hi dear, thankyou for sher

i added this command

iptables -t raw -A PREROUTING -p tcp -m tcp --syn -j CT --notrack

 

but ican't join on console by putty !

Port 22

connection time out!

 

Edited by ShinSo

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.

About Us

MMO-Society is the Forum former known as Lordcraft, MMO-Society offers various of Resources to help you evolve your knowledge within Emulation, In the process we make sure to form a strong community bond in-between each other and thus we are proud to can admit that MMO-Society is possibly the friendliest Community Forum to currently exist.

All trademarks referenced are the properties of their respective owners.
©2018 MMO-Society. All rights reserved.

Social Links

Discord Server Join
Twitter Follow us
×
×
  • Create New...