ICMP fragments DOS Attack
fateswarm
admin at www0.org
Tue Feb 18 15:36:01 EET 2003
On Tue, Feb 18, 2003 at 01:58:40PM +0200, CyberCr33p wrote:
> Good evening,
>
> Someone is running a DoS attack against me by sending ICMP fragments to one of my servers. The attack comes from 6-7 different servers. Is there any way to stop it from eating my bandwidth? Or do I necessarily have to contact the ISP so that they block these ICMP packets coming towards my server?
>
> In iptables I have the following rule:
>
> $IPTABLES -A INPUT -p icmp -f -j LOG --log-prefix "IPTABLES FRAGMENTS: "
> $IPTABLES -A INPUT -p icmp -f -j DROP
>
> This should normally log the attack to /var/log/syslog. I have seen that they are DoS-attacking me with this method from the iptraf program, while nothing shows up in the logs.
>
> Thanks for the help.
Blocking all ICMP is not that sensible; for example, you may want to
ping the machine yourself, and various protocols need it. I suggest this:
You ignore broadcast pings and allow the ones relevant to you:
echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
echo "0" > /proc/sys/net/ipv4/icmp_echo_ignore_all
You ignore some strange ICMP errors:
echo "1" > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
The important part: you drop and log ICMP only if it exceeds a limit, in
this example if it exceeds 2 per second:
# Appended last: drops whatever the rules inserted above it did not accept
$IPTABLES -A INPUT -p icmp --icmp-type echo-request -j DROP
# -I inserts at the top of INPUT, so this LOG rule ends up second
$IPTABLES -I INPUT -p icmp --icmp-type echo-request -m limit \
--limit 2/s -j LOG --log-prefix "*****PING-FLOOD-BLOCKED*****"
# Inserted last, so evaluated first: accept up to 2 echo-requests per second
$IPTABLES -I INPUT -p icmp --icmp-type echo-request -m limit \
--limit 2/s -j ACCEPT
(whether the above applies as-is in your case depends on what rules you
already have in INPUT and whether you have defined $IPTABLES)
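
The following is an added example, not part of the original post: a small Python model of the reply's three rules in their effective order (ACCEPT with limit, LOG with limit, DROP), run over constructed ping traffic. It assumes the limit match behaves as a token bucket with iptables' default --limit-burst of 5; the class and function names are hypothetical.

```python
# Added example: a model of the rule chain, not kernel code.
# Assumption: `-m limit` acts as a token bucket with the default
# --limit-burst of 5. Integer milli-tokens keep the arithmetic exact.

class LimitMatch:
    COST = 1000  # one matched packet costs 1000 milli-tokens

    def __init__(self, rate_per_s, burst=5):
        self.rate = rate_per_s            # milli-tokens refilled per ms
        self.cap = burst * self.COST
        self.tokens = self.cap            # bucket starts full
        self.last_ms = 0

    def matches(self, now_ms):
        # Refill for the elapsed time, capped at the burst size.
        refill = (now_ms - self.last_ms) * self.rate
        self.tokens = min(self.cap, self.tokens + refill)
        self.last_ms = now_ms
        if self.tokens >= self.COST:
            self.tokens -= self.COST
            return True
        return False


def run_chain(arrivals_ms, rate=2, burst=5):
    """Walk echo-requests through ACCEPT(limit) -> LOG(limit) -> DROP."""
    accept, log = LimitMatch(rate, burst), LimitMatch(rate, burst)
    counts = {"accepted": 0, "logged": 0, "dropped": 0}
    for t in arrivals_ms:
        if accept.matches(t):
            counts["accepted"] += 1   # ACCEPT terminates traversal
            continue
        if log.matches(t):
            counts["logged"] += 1     # LOG does not terminate
        counts["dropped"] += 1        # falls through to the final DROP
    return counts


def flood(pps, seconds):
    """Constructed traffic: evenly spaced packets, timestamps in ms."""
    return [i * 1000 // pps for i in range(pps * seconds)]


if __name__ == "__main__":
    print("1 ping/s  :", run_chain(flood(1, 10)))
    print("100 ping/s:", run_chain(flood(100, 10)))
```

In this model a normal 1 ping/s source is never dropped, while under the constructed flood only a small fraction of the dropped packets is logged, because the LOG rule is rate-limited as well.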