Old 05-30-2006, 05:55 PM  
SplitInfinity
Chris, hit me up on AIM, I will help U bro.


Run this command for now:
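# Print (do not apply) one INPUT DROP rule per /24 that currently holds a
# half-open inbound connection (SYN_RECV) to this host.  Review the output
# before pasting it back: a /24 rule also cuts off every legitimate neighbour
# of that address, and if the flood uses spoofed sources the rules will not
# match the next wave -- tcp_syncookies (set further down) is the control that
# actually absorbs a spoofed SYN flood.
#   - only "tcp" rows in state SYN_RECV are used: a bare "grep SYN" also matched
#     SYN_SENT (this host's own outbound connections) and tcp6 rows whose
#     "::ffff:" addresses do not split on "."
#   - sort -u collapses repeated /24s into a single rule
# Reads netstat -an output on stdin, writes iptables commands to stdout.
syn_recv_to_drop_rules() {
  awk '$1 == "tcp" && $6 == "SYN_RECV" {
         n = split($5, o, ".")
         if (n < 4) next   # not a dotted-quad foreign address
         print "iptables -A INPUT -j DROP -s " o[1] "." o[2] "." o[3] ".0/24 -d 0/0 -p all"
       }' | sort -u
}

if command -v netstat >/dev/null 2>&1; then
  netstat -an | syn_recv_to_drop_rules
else
  printf 'netstat not found\n' >&2
fi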

After you run that (paste the whole snippet into your shell), copy all the iptables lines out of the output and paste them back into the command line.
That will block the spoofed IPs they are using from hitting you.

Also, type (copy/paste) this stuff, line by line into ssh:

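# Tune swappiness down a bit to reduce swap thrashing
echo 40 > /proc/sys/vm/swappiness

# Turn on tcp_syncookies - VERY IMPORTANT to stop DDoS: once the SYN backlog is
# full the kernel answers new SYNs statelessly, so spoofed SYNs stop consuming
# connection slots.
echo 1 > /proc/sys/net/ipv4/tcp_syncookies

# Turn on source address verification (reverse-path filtering) for all
# interfaces; the per-interface rp_filter loop further down repeats this.
echo 1 >/proc/sys/net/ipv4/conf/all/rp_filter

# Reduce DoS'ing ability by reducing timeouts.
# tcp_fin_timeout is deliberately not written here: the sysctl block below
# sets net.ipv4.tcp_fin_timeout=10, which silently overwrote the value of 30
# that used to be set at this point.
echo 1800 > /proc/sys/net/ipv4/tcp_keepalive_time
echo 1 > /proc/sys/net/ipv4/tcp_window_scaling
# NOTE(review): with tcp_syncookies=1 the kernel uses the TCP timestamp field
# to carry window-scale/SACK state for cookie-validated connections; with
# timestamps off those connections fall back to an unscaled window.  Kept as
# the author set it, but measure before relying on it under load.
echo 0 > /proc/sys/net/ipv4/tcp_timestamps
echo 0 > /proc/sys/net/ipv4/tcp_sack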

# Runtime-only kernel tuning: sysctl -w does not survive a reboot, so copy the
# key=value pairs into /etc/sysctl.conf once they have proven themselves.
kernel_tuning=(
  # Number of TCP SYN packets the server can queue before SYNs are dropped
  net.ipv4.tcp_max_syn_backlog=30000
  # Number of connections allowed in TIME-WAIT state
  net.ipv4.tcp_max_tw_buckets=2000000
  # Number of packets that can be queued in the network core
  net.core.netdev_max_backlog=50000
  # TCP window / socket buffer sizes (tcp_rmem/tcp_wmem are "min default max")
  net.core.rmem_max=16777216
  net.core.wmem_max=16777216
  'net.ipv4.tcp_rmem=500000 1000000 16777216'
  'net.ipv4.tcp_wmem=500000 1000000 16777216'
  # Kernel hardening: no forwarding, no source routing, no ICMP redirects
  net.ipv4.ip_forward=0
  net.ipv4.conf.all.accept_source_route=0
  net.ipv4.conf.all.send_redirects=0
  net.ipv4.conf.all.accept_redirects=0
  net.ipv4.conf.all.secure_redirects=0
  net.ipv4.icmp_ignore_bogus_error_responses=1
  # Shorter reassembly / retry timers so half-finished state ages out quickly
  net.ipv4.ipfrag_time=15
  net.ipv4.tcp_ecn=0
  net.ipv4.tcp_fin_timeout=10
  net.ipv4.tcp_syn_retries=3
  net.ipv4.tcp_synack_retries=3
  net.ipv4.tcp_keepalive_probes=7
  net.ipv4.tcp_orphan_retries=5
)
for setting in "${kernel_tuning[@]}"; do
  sysctl -w "$setting"
done

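#IPTABLES SYN PROTECTION - MODIFY THE BELOW to MATCH YOUR SERVER'S IPs
# Rules are appended (-A) to INPUT, so pasting this block twice installs every
# rule twice; check with `iptables -L INPUT -n --line-numbers` first.
#
# Drop TCP segments with flag combinations no legitimate stack sends:
iptables -A INPUT -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP   # FIN+URG+PSH only ("Xmas")
iptables -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP   # SYN and RST together
iptables -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP   # SYN and FIN together
iptables -A INPUT -p tcp --tcp-flags ALL FIN -j DROP           # FIN without ACK
iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP           # every flag set
iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP          # no flags set ("NULL")
iptables -A INPUT -p tcp --tcp-flags FIN,RST FIN,RST -j DROP
iptables -A INPUT -p tcp --tcp-flags ACK,FIN FIN -j DROP
iptables -A INPUT -p tcp --tcp-flags ACK,PSH PSH -j DROP
iptables -A INPUT -p tcp --tcp-flags ACK,URG URG -j DROP
# Drop segments carrying non-standard TCP option kinds 64 and 128.
iptables -A INPUT -p tcp --tcp-option 64 -j DROP
iptables -A INPUT -p tcp --tcp-option 128 -j DROP
# Rate-limited ACCEPT rules.  NOTE(review): a limit-match ACCEPT only throttles
# traffic if a later rule (or the chain policy) DROPs the SYNs/RSTs that exceed
# the limit; if the INPUT policy is ACCEPT (the default) these lines are inert.
# Before adding such a DROP, note that 4/s (default burst 5) is far below the
# legitimate SYN rate of a busy web server -- measure first.
# (The --syn rule was listed twice in the original; one copy is enough.)
iptables -A INPUT -p tcp --syn -m limit --limit 4/s -j ACCEPT
iptables -A INPUT -p tcp -d 38.96.5.146 --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 4/s -j ACCEPT
iptables -A INPUT -p tcp -d 38.96.5.147 --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 4/s -j ACCEPT
iptables -A INPUT -p tcp -d 38.96.5.148 --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j ACCEPT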

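#ANTISPOOFING / NO SOURCE ROUTE
# The original one-line loops were missing the ';' before 'done', so the shell
# treated "done" as an argument to echo and waited for more input instead of
# running the loop.
#
# Write one value into /proc/sys/net/ipv4/conf/<iface>/<key> for every
# interface directory present.
#   $1 - key (e.g. rp_filter)
#   $2 - value to write
#   $3 - conf root, defaults to /proc/sys/net/ipv4/conf (overridable for tests)
set_per_iface_sysctl() {
  local key=$1 value=$2 root=${3:-/proc/sys/net/ipv4/conf}
  local f
  for f in "$root"/*/"$key"; do
    [ -e "$f" ] || continue   # an unmatched glob leaves the literal pattern
    printf '%s\n' "$value" > "$f"
  done
}

# Reverse-path filtering: drop packets whose source address would not be
# routed back out the interface they arrived on (blunts spoofed sources).
set_per_iface_sysctl rp_filter 1
# Never honour source-routed packets.
set_per_iface_sysctl accept_source_route 0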

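#SYN COOKIES AND ICMP HARDENING
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
# Ignore broadcast echo requests (smurf-style amplification) and, more
# aggressively, all echo requests -- the latter also hides the host from
# legitimate monitoring pings.
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
# Left disabled: ICMP_ECHOREPLY_RATE is never defined in this snippet.
#echo $ICMP_ECHOREPLY_RATE > /proc/sys/net/ipv4/icmp_echoreply_rate
echo "1" > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
# Was "1", which re-ENABLED acceptance of ICMP redirects and undid the
# net.ipv4.conf.all.accept_redirects=0 set earlier, letting any on-link host
# rewrite this server's routes.  0 is the hardened value.
echo "0" > /proc/sys/net/ipv4/conf/all/accept_redirects
# Log packets with impossible (martian) source addresses so spoofing attempts
# show up in the kernel log.
echo "1" > /proc/sys/net/ipv4/conf/all/log_martians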