I wanna share my plan about how we could improve our security against DoS and DDoS attacks; we have already created thousands of threads about "how our asses were kicked by DoS/DDoS attacks".
So first we need to whitelist ourselves, block everything, and leave only what we need.
Whitelist ourselves:
sudo iptables -A INPUT --source 123.123.123.123 -j ACCEPT
Blocking everything:
sudo iptables -P INPUT DROP
Whitelist UnrealSoftware:
sudo iptables -A INPUT --source 85.214.102.60 -j ACCEPT
(OPTIONAL) Reduce packet size:
sudo iptables -A INPUT -p udp --sport 36963:36970 -m length --length 0:28 -j DROP
sudo iptables -A INPUT -p udp --sport 36963:36970 -m length --length 1200:65535 -j DROP
Allowing CS2D Users to play in our server:
sudo iptables -A INPUT -p udp --sport 36963:36970 -j ACCEPT
I already posted something like this in a CS2D thread.
A bit later I sent him a private message and it seems he didn't like the idea of changing the port range, because it could lead to some problems.
So what problems could there be?
Solutions
Toys like LOIC, UDP Unicorn and others are sending packets with random source ports, and then our great wall will help us.
Same thing goes with DDoS.
DC says that a real hacker would change his source port from where the attack is launched. Well... Okay, one hacker bypassed it and thousands of others didn't, due to our wall.
WAITING FOR OPINIONS
Edited 2×, last 08.09.15 15:36:33
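
To see what the rule order in the post actually accepts, here is an added example (not part of the original post): a small Python model of the INPUT chain, evaluated first-match over constructed packets. The packet dictionaries, the sample addresses and sizes, and the names `verdict` and `classify` are assumptions made for illustration.

```python
# Added example: first-match model of the INPUT chain built by the post's commands.
# Packet dicts and sample packets are constructed; "length" stands for the
# value that iptables' length match compares.
ADMIN_IP = "123.123.123.123"        # whitelisted address from the post
US_IP = "85.214.102.60"             # UnrealSoftware address from the post
CS2D_SPORTS = range(36963, 36971)   # --sport 36963:36970 (inclusive)

def cs2d_udp(p):
    """UDP packet whose source port is inside the CS2D range."""
    return p["proto"] == "udp" and p["sport"] in CS2D_SPORTS

# (match, target) pairs in the order the post appends them with -A.
RULES = [
    (lambda p: p["src"] == ADMIN_IP, "ACCEPT"),
    (lambda p: p["src"] == US_IP, "ACCEPT"),
    (lambda p: cs2d_udp(p) and 0 <= p["length"] <= 28, "DROP"),
    (lambda p: cs2d_udp(p) and 1200 <= p["length"] <= 65535, "DROP"),
    (cs2d_udp, "ACCEPT"),
]
POLICY = "DROP"                     # iptables -P INPUT DROP

def verdict(packet):
    """Return the target of the first matching rule, else the chain policy."""
    for match, target in RULES:
        if match(packet):
            return target
    return POLICY

def pkt(src, proto, sport, length):
    return {"src": src, "proto": proto, "sport": sport, "length": length}

# Constructed sample traffic (documentation address ranges, made-up sizes).
SAMPLES = {
    "player":             pkt("198.51.100.7", "udp", 36963, 120),
    "random_sport_flood": pkt("203.0.113.9", "udp", 51234, 900),
    "in_range_flood":     pkt("203.0.113.9", "udp", 36965, 500),
    "oversized_in_range": pkt("203.0.113.9", "udp", 36964, 1400),
    "tiny_in_range":      pkt("203.0.113.9", "udp", 36964, 28),
    "admin_ssh":          pkt(ADMIN_IP, "tcp", 50000, 60),
    "dns_reply":          pkt("198.51.100.53", "udp", 53, 90),
}

def classify(samples=SAMPLES):
    """Map each sample name to the verdict the modelled chain gives it."""
    return {name: verdict(p) for name, p in samples.items()}

if __name__ == "__main__":
    for name, result in classify().items():
        print(f"{name:20} {result}")
```

The model shows two things the commands imply: traffic whose source port falls inside 36963:36970 is accepted whatever its origin, and replies to the server's own outbound requests (the DNS reply here) hit the DROP policy because no rule accepts established connections.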