UDP attack
CERT writes about UDP attacks. CERT is an organization devoted to ensuring that appropriate technology and systems management practices are used to resist attacks on networked systems and to limiting damage and ensure continuity of critical services in spite of successful attacks, accidents, or failures.

UDP flood code is not hard to write; on Linux, in Perl or C. I suggest administrators try this program: OopsCrasher.exe

Test for firewalls on a local network:
- 5 computers attack a closed UDP port, firewall on.
- 5 computers attack a closed UDP port, firewall off.
- 5 computers attack an open UDP port, firewall on.
- 5 computers attack an open UDP port, firewall off.
A Windows computer is attacked first, then, say, Linux Debian. In some cases the result is a fairly dangerous CPU and network card load. Do firewalls block effectively?

Excerpts from forums:

#1 I've tested Iptables, clearly useless against a 3 lines C code of udp flood, result: CPU 100%, no answer from the machine, ping timeout. Against a syn-flood same result until you compile the kernel with the syncookies.

#2 I've tried to limit iptables using this: Code:
  $IPTABLES -N SAMP
  # packets within 1/s (burst 2) match the limit rule and are DROPped;
  # everything above that rate falls through to the LOG and ACCEPT rules
  $IPTABLES -A SAMP -m limit --limit 1/s --limit-burst 2 -j DROP
  $IPTABLES -A SAMP -j LOG --log-prefix "IPTABLES TOTAL LOG: "
  $IPTABLES -A SAMP -j ACCEPT
This didn't work either among other tries, hope anyone got a clue how to find the difference between regular packets and flood packets.

#3 Use:
  iptables -A INPUT -i eth0 -p udp -m limit --limit 10/s -j ACCEPT

#4 I don't know what you mean by "system level" but you can use iptables "limit" and/or "recent", perhaps something like this:
  iptables -N DDoS
  iptables -A DDoS -m limit --limit 16/s --limit-burst 32 -j RETURN
  iptables -A DDoS -j LOG   # Optional
  iptables -A DDoS -j DROP

  iptables -A FORWARD -p udp -j DDoS
  iptables -A INPUT -p udp -j DDoS
I've forgotten if this is applicable for UDP, but my line for TCP says iptables -A FORWARD -p tcp --tcp-flags SYN,RST,ACK SYN -j DDoS which handles SYN flood.
I also limit new SSH connections with
  iptables -A FORWARD -m state --state NEW -m recent --update --seconds 15 -j DROP
  iptables -A FORWARD -m state --state NEW -m recent --set -j ACCEPT
-- buck

What is this? >>>> Skype clients connecting to the Skype server.
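Added example, not taken from the page or the forum posts: a token-bucket model of the `-m limit --limit 16/s --limit-burst 32` rule from post #4, run over a constructed trace with one normal host and one flooding host. For post #2's question about telling regular packets from flood packets, it also compares the single shared bucket that `-m limit` keeps with one bucket per source address (the `--hashlimit-mode srcip` behaviour of the hashlimit match); the refill semantics are an assumption that approximates xt_limit, and ties at the same millisecond are processed flood-first.

```python
"""Token-bucket model of the iptables 'limit' match, applied to a UDP flood.

Added example, not from the page. Times are integer milliseconds and tokens
are thousandths of a packet, so the arithmetic is exact and deterministic.
"""
from collections import defaultdict

COST = 1000  # one packet costs 1000 "millitokens"


class TokenBucket:
    def __init__(self, rate_per_s, burst):
        self.refill_per_ms = rate_per_s  # 16/s == 16 millitokens per ms
        self.cap = burst * COST
        self.tokens = self.cap           # starts full, like xt_limit's credit
        self.last_ms = 0

    def allow(self, now_ms):
        # Refill in proportion to elapsed time, never above the burst cap.
        self.tokens = min(self.cap, self.tokens
                          + (now_ms - self.last_ms) * self.refill_per_ms)
        self.last_ms = now_ms
        if self.tokens >= COST:
            self.tokens -= COST
            return True   # '-m limit' matches: -j RETURN, packet passes on
        return False      # no match: falls through to -j DROP


def classify(packets, rate_per_s=16, burst=32, per_source=False):
    """packets: sorted (time_ms, src) pairs -> {src: (accepted, dropped)}."""
    buckets = defaultdict(lambda: TokenBucket(rate_per_s, burst))
    stats = defaultdict(lambda: [0, 0])
    for t, src in packets:
        key = src if per_source else "shared"   # hashlimit srcip vs plain limit
        stats[src][0 if buckets[key].allow(t) else 1] += 1
    return {src: tuple(v) for src, v in stats.items()}


def sample_trace():
    # Constructed trace: a legitimate host at 5 pkt/s and a flooder at
    # 1000 pkt/s, both for 2 seconds (10 and 2000 packets).
    legit = [(i * 200, "legit") for i in range(10)]
    flood = [(i, "flood") for i in range(2000)]
    return sorted(legit + flood)


if __name__ == "__main__":
    print("shared bucket (-m limit):", classify(sample_trace()))
    print("per-source buckets:      ", classify(sample_trace(), per_source=True))
```

With the shared bucket the legitimate host loses 9 of its 10 packets because the flood keeps the bucket drained; with per-source buckets it keeps all 10 while the flooder is still held to its burst plus 16 packets per second.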