Tuesday, December 20, 2011

Protect Yourself From DDoS and Brute Force Attacks using iptables in Linux

The Linux firewall is called iptables. It is very powerful; its features include:
1:Filtering (blocking unwanted traffic). You can filter incoming and outgoing traffic by user, group, time/date, or service (application).
2:NAT (routing). If your computer has two or more network cards (or if you are using virtualization) you can use a spare computer as a router, with one network card connected to the Internet and the other to your LAN, while iptables monitors and filters the traffic.
3:Logging (monitoring) network traffic.
4:Blocking brute force or DoS attacks.

Block Brute Force attempts (SSH or other connections)
# record the source address of every new connection to port 22 in the "SSH" list
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH --rsource
# drop a source that has opened 8 or more connections in the last 600 seconds (--rttl also requires the TTL to match the recorded one)
iptables -A INPUT -p tcp --dport 22 -m recent --update --seconds 600 --hitcount 8 --rttl --name SSH --rsource -j DROP
# everything else to port 22 is accepted
iptables -A INPUT -p tcp --dport 22 -j ACCEPT

In a DoS attack the attacker generally tries to flood the victim with a large number of packets, using a tool such as hping3.
The Internet Control Message Protocol (ICMP) has many messages, identified by a "type" field. The two types that matter here are 0 and 8:
1:Zero (0) is echo-reply.
2:Eight (8) is echo-request.

# both rules drop outgoing echo-requests from this host: "echo-request" and "8" name the same ICMP type
iptables -A OUTPUT -p icmp --icmp-type echo-request -j DROP
iptables -A OUTPUT -p icmp --icmp-type 8 -j DROP
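The following script is an added example, not part of the original post. It puts the two techniques above together: the SSH brute-force throttle with the same `recent` module and the post's values (8 attempts per 600 seconds), plus a logging rule, and an ICMP echo-request limit placed on the INPUT chain so the host keeps answering normal pings while a flood is discarded (the post's OUTPUT rules only stop this host from pinging others). The `hashlimit` module counts per source address, which goes beyond the post by keeping one flooding host from exhausting everyone else's allowance. The function names, the `preview` wrapper and the `SSH-BRUTE:` log prefix are my own choices; every iptables option used is a standard one.

```shell
#!/bin/sh
# Added example (not from the original post): installs the SSH brute-force
# throttle and an ICMP echo-request rate limit in the INPUT chain.
# Run with no arguments to preview the rules; run as root with "--apply"
# to install them.

# Every rule goes through $IPT. "preview" prints the command instead of
# running it, so the script is safe to run without root.
preview() { printf 'iptables %s\n' "$*"; }
IPT="${IPT:-preview}"

# SSH brute-force throttle (same technique as the post's three rules).
# $1 = port, $2 = window in seconds, $3 = allowed new connections per window.
# Both recent-rules carry "--state NEW", so only connection attempts are
# evaluated; packets of an established session never reach the counter.
ssh_bruteforce_rules() {
  port="$1"; window="$2"; hits="$3"
  # 1. record the source address of every new connection attempt
  $IPT -A INPUT -p tcp --dport "$port" -m state --state NEW \
       -m recent --set --name SSH --rsource
  # 2. log (rate-limited) sources that reached the threshold; --rcheck
  #    only reads the list and does not add a timestamp
  $IPT -A INPUT -p tcp --dport "$port" -m state --state NEW \
       -m recent --rcheck --seconds "$window" --hitcount "$hits" --rttl --name SSH --rsource \
       -m limit --limit 3/min -j LOG --log-prefix "SSH-BRUTE: "
  # 3. drop them; --update refreshes the timestamp so the block is extended
  #    while the attempts continue
  $IPT -A INPUT -p tcp --dport "$port" -m state --state NEW \
       -m recent --update --seconds "$window" --hitcount "$hits" --rttl --name SSH --rsource \
       -j DROP
  # 4. everything else for the port is accepted
  $IPT -A INPUT -p tcp --dport "$port" -j ACCEPT
}

# ICMP echo-request flood: these rules sit on INPUT, answer normal pings and
# discard the excess. hashlimit keeps a separate counter per source address.
# $1 = sustained rate (e.g. 1/s), $2 = burst size.
icmp_flood_rules() {
  rate="$1"; burst="$2"
  $IPT -A INPUT -p icmp --icmp-type echo-request \
       -m hashlimit --hashlimit-name icmp-echo --hashlimit-mode srcip \
       --hashlimit-upto "$rate" --hashlimit-burst "$burst" -j ACCEPT
  $IPT -A INPUT -p icmp --icmp-type echo-request -j DROP
  # replies to our own outgoing pings are still allowed back in
  $IPT -A INPUT -p icmp --icmp-type echo-reply -m state --state ESTABLISHED,RELATED -j ACCEPT
}

all_rules() {
  ssh_bruteforce_rules 22 600 8   # the post's values: 8 attempts per 10 minutes
  icmp_flood_rules 1/s 4
}

# Print the rules without touching the firewall.
preview_rules() { IPT=preview; all_rules; }

# Install the rules (requires root).
apply_rules() { IPT=iptables; all_rules; }

if [ "${1:-}" = "--apply" ]; then apply_rules; else preview_rules; fi
```

The rules are appended with `-A`, so run the script against an INPUT chain that does not already end in a catch-all DROP or REJECT (or change `-A` to `-I` with explicit positions); otherwise the new rules are never reached. Dropped brute-force sources show up in the kernel log under the `SSH-BRUTE:` prefix, and the current contents of the recent list can be inspected in `/proc/net/xt_recent/SSH`.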

