
DDoS attack on shoutcast server


smoon
17.05.16, 12:39
If it is TCP, you can try to at least contain it somewhat with null routes for the time being.

On the console as root: route add sourceip/sourcenet reject, for example:

Code:
IP:

route add 12.34.56.78 reject

Network:

route add 12.34.56.0/24 reject
In the long run this is of course not a final solution, but it should give some relief for now.

LapTop
13.05.16, 13:39
Hello, the server is still reachable for now after I installed iptables; it looks like it is TCP traffic.

Code:
tcp        0      0 server:webcache         78.51.79.62:58814       SYN_RECV
tcp        0      0 server:webcache         81.214.187.158.dy:50392 SYN_RECV
tcp        0      0 server:webcache         95.13.212.203:51141     SYN_RECV
tcp        0      0 server:webcache         176.2.68.213:53488      SYN_RECV
tcp        0      0 server:webcache         46.196.134.59:42667     SYN_RECV
tcp        0      0 server:webcache         212.252.170.109:49686   SYN_RECV
tcp        0      0 server:webcache         95.9.225.132.stat:49395 SYN_RECV
tcp        0 235300 server:webcache         37.165.169.6:12356      ESTABLISHED
tcp       32      0 server:50981            46.105.114.166:https    CLOSE_WAIT
tcp        0  13587 server:webcache         88.241.10.112.dyn:32916 ESTABLISHED
tcp        0      0 server:webcache         78.161.231.49.dyn:49979 ESTABLISHED
tcp        0      1 server:webcache         78.177.217.148:50486    FIN_WAIT1
tcp        0 122127 server:webcache         178.240.3.234:54986     ESTABLISHED
tcp        0  14132 server:webcache         88.226.59.100.dyn:54650 ESTABLISHED
tcp        0      1 server:webcache         5.46.245.114:52126      FIN_WAIT1
tcp        0      0 server:webcache         server.radiocret.:40879 ESTABLISHED
tcp        0  36559 server:webcache         ip70.ip-178-33-35:47883 ESTABLISHED
tcp        0  36201 server:webcache         109.45.0.174:21122      FIN_WAIT1
tcp        0      0 server:47615            server:webcache         ESTABLISHED
tcp        0      1 server:webcache         46.2.87.177:62892       FIN_WAIT1
tcp        0      0 server:webcache         78.169.140.86:24734     FIN_WAIT2
tcp        0 249925 server:webcache         212.252.57.188:10959    FIN_WAIT1
tcp        0 414919 server:webcache         163.172.22.146:59881    ESTABLISHED
tcp        0   2665 server:webcache         m77-218-241-178.c:22507 ESTABLISHED
tcp        0  43583 server:webcache         95.152.70.104:49942     ESTABLISHED
tcp        0      0 server:webcache         37.165.169.6:12642      ESTABLISHED
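The step that sits between the netstat listing above and smoon's nullroute suggestion is counting which sources actually hold the half-open (SYN_RECV) connections. The script below is an added example from the editor, not code posted in the thread: the function names, the threshold argument and the sample listing are this editor's assumptions, and the commands are printed for review rather than executed.

```shell
#!/bin/sh
# Added example, not code from the thread: summarise half-open (SYN_RECV)
# connections from a "netstat -tan" listing per remote IP and per /24, and
# print the corresponding nullroute commands instead of running them.
# Use -n on netstat (or "ss -tan state syn-recv") so that remote hosts are
# not reverse-resolved into truncated names as in the listing above.

# Print "count ip" for every remote IP with at least $1 entries in SYN_RECV
# (default 1), most frequent first. Reads netstat -tan output on stdin.
top_syn_sources() {
    min=${1:-1}
    awk -v min="$min" '
        $6 == "SYN_RECV" {
            ip = $5
            sub(/:[^:]*$/, "", ip)          # strip the remote port
            n[ip]++
        }
        END { for (ip in n) if (n[ip] >= min) print n[ip], ip }
    ' | sort -rn
}

# Same, aggregated into /24 networks, the granularity of smoon's
# "route add 12.34.56.0/24 reject". Only dotted-quad IPv4 sources are counted.
top_syn_nets() {
    min=${1:-1}
    awk -v min="$min" '
        $6 == "SYN_RECV" {
            ip = $5
            sub(/:[^:]*$/, "", ip)
            if (ip ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) {
                split(ip, o, ".")
                n[o[1] "." o[2] "." o[3] ".0/24"]++
            }
        }
        END { for (net in n) if (n[net] >= min) print n[net], net }
    ' | sort -rn
}

# Turn "count target" lines into iproute2 blackhole routes (the modern form
# of "route add ... reject"). Printed for review; pipe into sh to apply.
blackhole_cmds() {
    while read -r count target; do
        printf 'ip route add blackhole %s   # %s half-open connections\n' "$target" "$count"
    done
}

# Constructed sample in "netstat -tan" layout (not the thread's listing):
# one source with three half-open connections, one with two, the rest single.
SAMPLE='tcp        0      0 10.0.0.5:8000           198.51.100.7:58814      SYN_RECV
tcp        0      0 10.0.0.5:8000           198.51.100.7:58815      SYN_RECV
tcp        0      0 10.0.0.5:8000           198.51.100.7:58816      SYN_RECV
tcp        0      0 10.0.0.5:8000           198.51.100.9:50392      SYN_RECV
tcp        0      0 10.0.0.5:8000           203.0.113.40:51141      SYN_RECV
tcp        0      0 10.0.0.5:8000           203.0.113.40:51142      SYN_RECV
tcp        0      0 10.0.0.5:8000           192.0.2.66:53488        SYN_RECV
tcp        0  13587 10.0.0.5:8000           192.0.2.77:32916        ESTABLISHED'

# Live use:  netstat -tan | top_syn_sources 20 | blackhole_cmds
printf '%s\n' "$SAMPLE" | top_syn_sources 2 | blackhole_cmds
printf '%s\n' "$SAMPLE" | top_syn_nets 2
```

Note what the listing above would give this script: every SYN_RECV entry comes from a different address, so no per-IP or per-/24 threshold would select anything. Null routes help when a handful of sources dominate; for a distributed SYN flood the host-side measure that remains is SYN cookies (`sysctl -w net.ipv4.tcp_syncookies=1`), so that half-open connections stop consuming the backlog, together with whatever filtering the provider offers upstream.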

J-B
13.05.16, 08:12
Have you analysed the traffic? Is it TCP or UDP?

Is the DDoS taking your server down?

LapTop
12.05.16, 22:41
The server has been attacked daily for months.

The So you Start DDoS protection cannot stop it.

What else is the best thing to do here?

today's DDoS attack

https://picload.org/image/rgocrigo/b...5-12um22.2.png

https://picload.org/image/rgocrigc/b...5-12um22.2.png

This is what my iptables rules look like

Code:
[root@server ~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
DROP       all  --  88.250.110.36        anywhere            
DROP       all  --  88.249.40.139        anywhere            
DROP       all  --  37.59.225.240        anywhere            
DROP       all  --  79.123.234.21        anywhere            
DROP       all  --  188.57.165.101       anywhere            
DROP       all  --  51.255.67.76         anywhere            
DROP       all  --  151.80.21.76         anywhere            
DROP       tcp  --  anywhere             anywhere             match-set cn.set src
DROP       tcp  --  anywhere             anywhere             match-set cn.set src
DROP       all  --  118.39.85.235        anywhere            
DROP       all  --  202.198.176.124      anywhere            
DROP       all  --  62.210.141.190       anywhere            
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:onehome-help
f2b-sshd   tcp  --  anywhere             anywhere             multiport dports ssh
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:smtp
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:smtp
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:smtp
ACCEPT     tcp  --  anywhere             anywhere             tcp dpts:irdmi:ndmp
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:ssh
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited
ACCEPT     tcp  --  anywhere             anywhere             tcp dpts:irdmi:ndmp
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:mnp-exchange
syn_flood  tcp  --  anywhere             anywhere             tcp flags:FIN,SYN,RST,ACK/SYN
RETURN     tcp  --  anywhere             anywhere             tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 1/sec burst 3
ACCEPT     icmp --  anywhere             anywhere             limit: avg 1/sec burst 1
LOG        icmp --  anywhere             anywhere             limit: avg 1/sec burst 1 LOG level warning prefix "PING-DROP"
DROP       icmp --  anywhere             anywhere            
DROP       tcp  --  anywhere             anywhere             match-set cn.set src

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
DROP       udp  --  anywhere             anywhere            
ACCEPT     tcp  --  anywhere             anywhere             tcp spt:smtp
ACCEPT     icmp --  anywhere             anywhere            
DROP       udp  --  anywhere             anywhere            

Chain f2b-sshd (1 references)
target     prot opt source               destination         
RETURN     all  --  anywhere             anywhere            

Chain syn_flood (1 references)
target     prot opt source               destination         
RETURN     all  --  anywhere             anywhere             limit: avg 1/sec burst 3
DROP       all  --  anywhere             anywhere
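Rule order decides what an `iptables -L` listing like the one above actually does: once a chain hits a rule that accepts, drops or rejects every packet without any match condition, nothing after it is ever evaluated. The checker below is an added example from the editor, not code from the thread; the function name and the constructed sample chain (modelled on the INPUT chain above, not copied from it) are this editor's assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread: flag rules that can never match
# because an earlier rule in the same chain accepts, drops or rejects every
# packet unconditionally. Input is "iptables -L" output on stdin.
# Caveat: without -v, "iptables -L" hides interface matches (-i lo), so a
# rule printed as "ACCEPT all -- anywhere anywhere" may really be the
# loopback accept; confirm with "iptables -S" before deleting anything.

# Print "CHAIN: unreachable: <rule>" for every rule shadowed by an
# unconditional terminating rule above it in the same chain.
unreachable_rules() {
    awk '
        /^Chain /                        { chain = $2; dead = 0; next }
        /^target +prot +opt/ || NF == 0  { next }
        dead                             { print chain ": unreachable: " $0; next }
        {
            rule = $0
            sub(/reject-with [^ ]+/, "", rule)   # target option, not a match
            $0 = rule                            # re-split to count real fields
            if (($1 == "ACCEPT" || $1 == "DROP" || $1 == "REJECT") &&
                $2 == "all" && $4 == "anywhere" && $5 == "anywhere" && NF == 5)
                dead = 1                         # every later rule is shadowed
        }
    '
}

# Constructed sample modelled on the INPUT chain above (not the listing
# verbatim): a bare ACCEPT shadows the ssh rule, the REJECT and the
# syn_flood hook; the syn_flood chain itself is clean.
SAMPLE='Chain INPUT (policy ACCEPT)
target     prot opt source               destination
DROP       all  --  198.51.100.7         anywhere
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:ssh
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited
syn_flood  tcp  --  anywhere             anywhere             tcp flags:FIN,SYN,RST,ACK/SYN

Chain syn_flood (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere             limit: avg 1/sec burst 3
DROP       all  --  anywhere             anywhere'

# Live use:  iptables -L | unreachable_rules
printf '%s\n' "$SAMPLE" | unreachable_rules
```

Run against the INPUT chain in the post above, the same logic flags every rule after the bare `ACCEPT all -- anywhere anywhere`, including the `REJECT`, the `syn_flood` hook and the last `cn.set` drop: the SYN rate limit never sees a packet unless that ACCEPT is in fact an interface-restricted rule whose `-i` the plain `-L` output does not show. Two further things the listing states on its own: the OUTPUT chain drops all UDP, which also blocks the server's own outgoing DNS queries, and the `syn_flood` chain's `limit: avg 1/sec burst 3` is a global limit, so when it is reachable it throttles every new connection, legitimate listeners included, rather than only the flood.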