[TUTORIAL] Basic DoS DDoS protection (IPTV PANEL)

Gizmo

Found this a good read as well.
Be advised that this is just very, very basic.

Real DDoS and DoS protection consists of:
- a good infrastructure
- external firewalls
- core routers in front of the firewall
- good monitoring
- fallback systems

and much more.
So this won't keep you safe from a real DDoS attack, but it could keep some idiot skids from taking you down.

What we basically use to establish a little security is iptables. It should be preinstalled on nearly every server, but in case it isn't you can install it e.g. in the following ways:

Debian:
apt-get install iptables

CentOS:
yum install iptables

And so on. Of course you need to run this with administrative rights.

Now we can do some configuration.
First we will just reject a source address if it hits UDP port X more than Y times a second (the first rule records every new packet per source, the second rejects once the hit count is reached):
iptables -A INPUT -p udp -m udp --dport X -m state --state NEW -m recent --set --name DEFAULT --rsource
iptables -A INPUT -p udp -m udp --dport X -m state --state NEW -m recent --update --seconds 1 --hitcount Y --name DEFAULT --rsource -j REJECT

Next we could control the rate of new connections. Note that the limit match has to ACCEPT what is within the limit and a second rule drops everything else; a single rule with -j DROP on the limit match would drop the good SYNs and let the flood through:
iptables -A INPUT -p tcp --syn -m limit --limit 1/s --limit-burst X -j ACCEPT
iptables -A INPUT -p tcp --syn -j DROP

This will accept a burst of X new connection attempts, then one per second, and drop all new connection attempts beyond that.
Of course you have to think of a reasonable value here and insert it. Just before the skids start asking.

Furthermore, since we are on a Linux system, we can drop all the Microsoft stuff (SMB, CIFS and the like). You can also modify this rule to block every port your server does not need:
iptables -A INPUT -p tcp -m multiport --dports 135,137,138,139,445,1433,1434 -j DROP
iptables -A INPUT -p udp -m multiport --dports 135,137,138,139,445,1433,1434 -j DROP

However, this was just some basic playing around with iptables. From here you can get a bit further. Just think.
Depending on your configuration you may need administrative rights to insert the rules as well as to display them. By the way, you can see all the rules and the status of your firewall with:
iptables -L -n

So what else can you do?
ATTENTION: Everything I'll show now involves kernel settings. I am not and will not be responsible for any damage to your system.
Under certain configurations, besides the kernel, these changes can cause damage to your system! Handle with care!

You can protect yourself against SYN flood attacks by enabling TCP SYN cookies, which are then used for every connection when the SYN backlog fills up.
To do so, edit /proc/sys/net/ipv4/tcp_syncookies, or do:
echo 1 > /proc/sys/net/ipv4/tcp_syncookies

Also it's a good idea to ignore all incoming ICMP echo requests (the value 1 means ignore, 0 means answer):
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all

Furthermore you have some built-in spoofing protection (reverse path filtering), which only needs to be activated on every interface. I'd do this in bash:
#!/bin/bash
# enable reverse path filtering on all interfaces
for i in /proc/sys/net/ipv4/conf/*/rp_filter; do echo 1 > "$i"; done
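Added example, not part of the original post: a small POSIX sh script that turns the rules and kernel settings above into an iptables-restore ruleset and a sysctl.d fragment, and checks the live kernel values. It applies nothing itself; you review the output and load it with iptables-restore and sysctl --system, which also makes the settings survive a reboot (echoing into /proc does not). The UDP port 8080, 20 hits per second and SYN burst 30 are placeholder values of my own, and the chain names and comments are mine too. It uses -m conntrack --ctstate, the current replacement for -m state --state.

```shell
#!/bin/sh
# Added example (not from the original post). Generates, but does not apply,
# an iptables-restore ruleset and a sysctl.d fragment for basic flood
# protection, and verifies the kernel knobs. Values are placeholders.

# build_rules UDP_PORT UDP_HITS SYN_BURST
# Prints a ruleset for iptables-restore. The recent match is written in the
# documented order (check with --update first, then record with --set), and
# the SYN rate limit ACCEPTs within the limit and DROPs everything else.
build_rules() {
    udp_port=$1; udp_hits=$2; syn_burst=$3
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# loopback and already established flows are never rate limited
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# per-source UDP flood limit: ${udp_hits} or more new packets/s to port ${udp_port} -> reject
-A INPUT -p udp --dport ${udp_port} -m conntrack --ctstate NEW -m recent --update --seconds 1 --hitcount ${udp_hits} --name UDPFLOOD --rsource -j REJECT
-A INPUT -p udp --dport ${udp_port} -m conntrack --ctstate NEW -m recent --set --name UDPFLOOD --rsource
# SYN rate limit: accept a burst of ${syn_burst}, then 1/s, drop the rest
-A INPUT -p tcp --syn -m limit --limit 1/s --limit-burst ${syn_burst} -j ACCEPT
-A INPUT -p tcp --syn -j DROP
# Windows file sharing and MS SQL ports are not needed on an IPTV panel
-A INPUT -p tcp -m multiport --dports 135,137,138,139,445,1433,1434 -j DROP
-A INPUT -p udp -m multiport --dports 135,137,138,139,445,1433,1434 -j DROP
COMMIT
EOF
}

# build_sysctl: prints a /etc/sysctl.d fragment with the kernel settings
# from the post (SYN cookies, ignore ICMP echo, reverse path filtering).
build_sysctl() {
    cat <<'EOF'
net.ipv4.tcp_syncookies = 1
net.ipv4.icmp_echo_ignore_all = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
EOF
}

# check_sysctl [PROC_ROOT]: compare every knob from build_sysctl with the
# value under PROC_ROOT/sys (default /proc). Prints each mismatch and
# returns 1 if any knob is wrong or missing, 0 if all are set.
check_sysctl() {
    root=${1:-/proc}
    rc=0
    for kv in $(build_sysctl | tr -d ' '); do
        key=${kv%%=*}; want=${kv#*=}
        path="$root/sys/$(printf '%s' "$key" | tr . /)"
        if [ -r "$path" ]; then have=$(cat "$path"); else have=missing; fi
        if [ "$have" != "$want" ]; then
            echo "$key: want $want, have $have"
            rc=1
        fi
    done
    return $rc
}

# Usage (review the output before loading it):
#   sh harden.sh rules 8080 20 30 > rules.v4      then: iptables-restore < rules.v4
#   sh harden.sh sysctl > /etc/sysctl.d/60-flood.conf   then: sysctl --system
#   sh harden.sh check                            verifies the live kernel values
case "${1:-}" in
    rules)  build_rules "${2:-8080}" "${3:-20}" "${4:-30}" ;;
    sysctl) build_sysctl ;;
    check)  check_sysctl ;;
esac
```

The INPUT policy stays ACCEPT, like the post's appended rules, so loading this cannot lock you out of SSH; only the specific flood and port drops take effect. Run the check after a reboot to confirm the sysctl fragment was actually picked up.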