From: zito.pol@zipmail.com.br
To: netfilter@lists.netfilter.org
Subject: DDoS counter-measures (Rules)
Date: Sat, 5 Apr 2003 02:12:20 -0300
Message-ID: <3E8DDDF40000140F@www.zipmail.com.br>

Hi folks,
I am new to the list and I need help with some extra IPTABLES DDoS/DoS rules.

I am receiving a large volume of packets... in other words... I am being
DoSed.

The IP_FRAG OUTPUT:
[**] MISC Tiny Fragments [**]
04/03-03:03:24.131192 < l/l len: 0 l/l type: 0x200 0:0BBBB
pkt type:0x0 proto: 0x800 len:0x2C
200.182.128.30 -> 200.164.250.204 ICMP TTL:39 TOS:0x0 ID:67 IpLen:20 DgmLen:28
MF
Frag Offset: 0x0680 Frag Size: 0xFFFFF988
55 55 55 55 55 55 55 55 UUUUUUUU

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=

[**] MISC Tiny Fragments [**]
04/03-03:03:27.251702 < l/l len: 0 l/l type: 0x200 0:0BBBB
pkt type:0x0 proto: 0x800 len:0x2C
200.182.128.30 -> 200.164.250.204 ICMP TTL:39 TOS:0x0 ID:69 IpLen:20 DgmLen:28
MF
Frag Offset: 0x039C Frag Size: 0xFFFFFC6C
55 55 55 55 55 55 55 55 UUUUUUUU

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=

[**] MISC Tiny Fragments [**]
04/03-03:03:37.406839 < l/l len: 0 l/l type: 0x200 0:0BBBB
pkt type:0x0 proto: 0x800 len:0x2C
200.182.128.30 -> 200.164.250.204 ICMP TTL:39 TOS:0x0 ID:75 IpLen:20 DgmLen:28
MF
Frag Offset: 0x0D01 Frag Size: 0xFFFFF307
55 55 55 55 55 55 55 55 UUUUUUUU

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
----------------------------------------------------------

The ICMP_ECHO OUTPUT:
[**] ICMP Large ICMP Packet [**]
04/03-03:04:07.018622 < l/l len: 0 l/l type: 0x200 0:0BBBB
pkt type:0x0 proto: 0x800 len:0x7560
200.182.128.30 -> 200.164.250.204 ICMP TTL:39 TOS:0x0 ID:89 IpLen:20 DgmLen:30032

Type:8 Code:0 ID:131 Seq:0 ECHO
00 07 2C A6 55 55 55 55 55 55 55 55 55 55 55 55 ..,.UUUUUUUUUUUU
55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 UUUUUUUUUUUUUUUU... UUUUUUUUUUUUUUUUU...
UUUUUUUU...
VERY LARGE OUTPUT (2.44 MB)
----------------------------------------------------------

Well, I need help with it... I need a counter-measure... this box is an
old Pentium 2 with 512KB of bandwidth (ADSL), serving access to 2 other machines
(IPTABLES + NAT).

Any help is welcome (some extra iptables rules too).

Best regards...
Joao Carlos
BOMPREÇO SYSTEM ADMINISTRATOR

PS: Sorry for my poor English, I am Brazilian and in my country this type
of information is very hard to obtain.
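
An added triage example, not part of the original post: a Python parser for the alert format shown in the message above, counting alerts per source and signature and decoding the fragment fields. The sample input is constructed from two of the post's alerts, and reading Frag Size as a signed 32-bit value is an assumption (with it, the first alert gives -1656, which equals DgmLen - IpLen - Frag Offset).

```python
import re
from collections import Counter

# Constructed sample: two alerts in the shape shown in the post (hex payload lines omitted).
SAMPLE = """\
[**] MISC Tiny Fragments [**]
04/03-03:03:24.131192 < l/l len: 0 l/l type: 0x200 0:0BBBB
pkt type:0x0 proto: 0x800 len:0x2C
200.182.128.30 -> 200.164.250.204 ICMP TTL:39 TOS:0x0 ID:67 IpLen:20 DgmLen:28
MF
Frag Offset: 0x0680 Frag Size: 0xFFFFF988

[**] ICMP Large ICMP Packet [**]
04/03-03:04:07.018622 < l/l len: 0 l/l type: 0x200 0:0BBBB
pkt type:0x0 proto: 0x800 len:0x7560
200.182.128.30 -> 200.164.250.204 ICMP TTL:39 TOS:0x0 ID:89 IpLen:20 DgmLen:30032
"""

TITLE = re.compile(r"^\[\*\*\] (.+?) \[\*\*\]$")
IPLINE = re.compile(r"^(\S+) -> (\S+) (\S+) TTL:(\d+) .*IpLen:(\d+) DgmLen:(\d+)")
FRAG = re.compile(r"Frag Offset: (0x[0-9A-Fa-f]+)\s+Frag Size: (0x[0-9A-Fa-f]+)")

def parse_alerts(text):
    """Split alert text into one dict per '[**] signature [**]' block."""
    alerts, cur = [], None
    for line in text.splitlines():
        line = line.strip()
        if m := TITLE.match(line):
            cur = {"sig": m[1], "mf": False}
            alerts.append(cur)
        elif cur is None:
            continue  # text before the first alert header
        elif m := IPLINE.match(line):
            # Bytes carried after the IP header in this datagram or fragment
            cur.update(src=m[1], dst=m[2], proto=m[3], ttl=int(m[4]),
                       payload=int(m[6]) - int(m[5]))
        elif line == "MF":
            cur["mf"] = True  # More Fragments flag set
        elif m := FRAG.search(line):
            size = int(m[2], 16)
            cur["frag_offset"] = int(m[1], 16)
            # Assumption: the field is 32 bits wide; top bit set means negative
            cur["frag_size"] = size - (1 << 32) if size & 0x80000000 else size
    return alerts

def summarize(alerts):
    """Count alerts per (source address, signature) pair."""
    return Counter((a["src"], a["sig"]) for a in alerts if "src" in a)
```
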
