New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
iptables UDP Flood Protection Not Working
This is the reason why I bought a VPS For 75 cents :P
Anyways, I'm using this simple rule for iptables to DROP
all incoming udp..
iptables -A INPUT -p udp -j DROP
But, when using a UDP spammer like LOIC, the packets are still being sent and not dropped? I am using iftop to see the bandwidth:
An attacker could leave this thing running just for several minutes / hours and use up all my bandwidth obviously.. Anyway to mitigate this?
Comments
It hits and gets dropped. Traffic will still reaches your IP no matter what (unless your IP gets nullrouted). IPTables only just stops it from being processed by your server.
Some DDoS protected providers only count traffic that are not dropped by the physical firewall or your server. Maybe you can try them.
Well darn... It's really that easy then to use up someone's bandwidth? Just download LOIC and do a UDP flood even if they are dropped via iptables? That doesn't seem fair, the whole reason why I wanted to get on a linux box is to use iptables to prevent this type of flooding.... Well.. bummer.
I'm guessing, the only way for this bandwidth not to be reached is for it be blocked at the physical layer? Which iptables doesn't have access to it, right? Only the physical router/firewall at the DC I assume?
Edit: So this is where the term 'DoS / DDOS Prevention' comes into play that hosts offer? :P
LMAO you guys are naughty as hell, holee sheet
Ripppp
You can take a look at Limestone Networks, they offer DDoS protection through blacklotus. However, it isn't very LEB pricing.
If you want LEB pricing, you might want to look at SecuredDragon or Vultr (they offer protection in NJ only) or BuyVM .
i do not like your tools and screenshots (please do not flood me)
Hmm?
Where did you seen that iptables is "anti-ddos protection tool"? Iptables is firewall. It filter packets, and nothing else. It has nothing with UDP Flood protection and can't do anything in this part. The only reason where iptables can help is reduce total number of packets, which your software need to process.
Well, what I'm doing is not a DDOS, but just a simple udp flood. I just misunderstood the rules of iptables. I was thinking that if the PACKET was dropped, it wouldn't show up or hit the server.. But I'm very, VERY wrong.. I have no idea why I had such a misconception..
GIANT_CRAB explained to me some good information in PM as well. Pretty nice person. I kept thinking iptables can be used as a physical firewall system when it's under VPS's, but it cannot. (AFAIK). I have to rely on my upstream provider I think to stop the UDP.
Check out x4b.net - you can use their ddos protected reverse proxies in front of your real server ip. Just make sure that you whitelist the ip adresses from those reverse proxies in your iptable rules because the proxies will handle all visitor requests.
It's really just simple math. If the attacker's upstream bandwidth is greater than the victim's downstream bandwidth, the only thing the victim can do to protect itself is to buy more downstream bandwidth.
Is it possible for an upstream provider to take requests to ban the ip at the physical layer's firewall upon request from the user (me)? For example if I am checking my live server and see this happening, I could send in a support ticket or something? Or is that the job of the network administrator's to check that stuff manually / periodically and take appropriate action? Or would they rather just null route me and be done with it?
It's pointless. IP can be spoofed. DNS or NTP amplification is also another thing.
Awwww... Yeah. Alrighty, well I guess it's basically inevitable. Sit back and take in as much as you can and try to come out alive and use as much iptables (or w/e protection you can) and add as much layers of protection as your intelligence knows and hope to come out NOT null routed.. Haha. Fuck I just want to go back on localhost and code.. this is scary...
@dillybob also this you might wanna read if you go with the reverse proxies
https://www.x4b.net/kb/RealIP
it would suck if you banned your proxy ip's instead of the real visitors!
Sent you some retardly stupid questions via pm @Mark_R I don't want to be laughed at to much publicly. Thanks.
Always good to know more things and mistakes. We
**DO**
learn from itDid you get permission from your ISP, the upstream providers, and ChicagoVPS to DOS attack their servers in violation of US federal law (applicable to their location, surely not explicitly legal in yours)?
Nope and I can see your point but using it for several seconds just to educate myself on iptables is of invaluable information to me and definitely worth more than 75 cents! I've used less than 0.5% of bandwidth on this VPS and if I caused other clients to crash on the node.. well if the node cannot handle 2MB/s udp flooding for 3-7 seconds.. I don't know what to tell ya ^_^.
Although, if 2 officers arrive at my home tomorrow with a search warrant and I get to meet Chris Fabozzi in court..I'll be more than humbled.