Tutorial Basic DoS DDoS protection (IPTV PANEL)

Professor (Basic Member, joined Oct 21, 2022, Spain)


Found this a good read as well.
Be advised that this is just very, very basic.

DDoS and DoS protection in a real case is:
- a good infrastructure
- external firewalls
- core routers external from firewall
- a good overwatch
- fallback systems

and much more.
So this won't keep you safe from a real DDoS attack; however, it could keep some idiot skids from taking you down.

What we basically use to establish a little security is iptables. It should be preinstalled on nearly every server, but in case it isn't, you can install it e.g. in the following ways:

Debian:
apt-get install iptables

CentOS:
yum install iptables

And so on and so on. Of course you need to run this with administrative rights.

Now we can do some configuration.
So at first we will just block a connection if it's hitting a UDP port X more than Y times a second (two separate rules: the first records the source address, the second rejects it once it exceeds Y hits within one second):
iptables -A INPUT -p udp -m udp --dport X -m state --state NEW -m recent --set --name DEFAULT --rsource
iptables -A INPUT -p udp -m udp --dport X -m state --state NEW -m recent --update --seconds 1 --hitcount Y --name DEFAULT --rsource -j REJECT

Next we could control some established connections.
# accept up to X SYNs in a burst (refilling at 1 per second), then drop every further SYN
iptables -A INPUT -p tcp --syn -m limit --limit 1/s --limit-burst X -j ACCEPT
iptables -A INPUT -p tcp --syn -j DROP

This will actually drop all new connection attempts after X connections are established.
Of course you have to think of a reasonable value here and insert it. Just before the skids start asking.

And furthermore, since we are on a Linux system, we could drop all microshit (SMB & CIFS & stuff). You can also modify this rule to block every port your server does not need:
iptables -A INPUT -p tcp -m multiport --dports 135,137,138,139,445,1433,1434 -j DROP
iptables -A INPUT -p udp -m multiport --dports 135,137,138,139,445,1433,1434 -j DROP

However, this was some basic playing around with iptables. You can get a bit further from this. Just think.
Depending on your configuration you may need administrative rights to insert the rules as well as to display them. By the way, you can see all the rules and the status of your firewall with:
iptables -L -n

So what else can you do?
ATTENTION: Everything I'll show now will contain kernel modification. I am not and will never be responsible for any damage done to your system.
It may be that under a certain configuration, besides the kernel, these changes can cause damage to your system! Handle with care!

You could disable all SYN/SSYN flood attacks by setting a TCP SYN cookie for every connection.
To do so, edit your /proc/sys/net/ipv4/tcp_syncookies, or do:
echo 1 > /proc/sys/net/ipv4/tcp_syncookies

Also, it's a good idea to ignore all incoming ICMP echo requests (1 enables ignoring):
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all

Furthermore, you have some kind of inbuilt spoofing protection, which only needs to be activated. I'd do this in bash:
Bash:
#!/bin/bash

for i in /proc/sys/net/ipv4/conf/*/rp_filter; do echo 1 > $i; done


Oh, and last but not least, maybe you should make your server neither accept nor resend any ICMP redirects:
Bash:
#!/bin/bash

for i in /proc/sys/net/ipv4/conf/*/accept_redirects; do echo 0 > $i; done

for i in /proc/sys/net/ipv4/conf/*/send_redirects; do echo 0 > $i; done

I hope this helped some of you.
Regards
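As an added example (not code from the post above or from any IPTV panel), a POSIX shell script that emits the UDP and SYN rule pairs in the order that actually limits traffic and audits `sysctl -a` output against the kernel settings discussed in the thread; the port, hit count and burst values are placeholders and the recent-list name UDPLIMIT is an arbitrary choice.

```sh
#!/bin/sh
# Added example, not code from the original post: build the corrected iptables
# rules from the thread and audit kernel settings. Port, hit count and burst
# are placeholders; the recent-list name UDPLIMIT is an arbitrary choice.

# UDP rate limit as two separate rules: the first records the source, the
# second rejects a source that sent more than HITS new packets in one second.
build_udp_rules() {
  port=$1; hits=$2
  printf 'iptables -A INPUT -p udp --dport %s -m conntrack --ctstate NEW -m recent --set --name UDPLIMIT --rsource\n' "$port"
  printf 'iptables -A INPUT -p udp --dport %s -m conntrack --ctstate NEW -m recent --update --seconds 1 --hitcount %s --name UDPLIMIT --rsource -j REJECT\n' "$port" "$hits"
}

# SYN limit: -m limit matches packets that are still within the budget, so the
# matching rule must ACCEPT and a following catch-all must DROP the excess.
# A single "-m limit ... -j DROP" would drop the first BURST SYNs and then let
# the rest of the flood through.
build_syn_rules() {
  burst=$1
  printf 'iptables -A INPUT -p tcp --syn -m limit --limit 1/s --limit-burst %s -j ACCEPT\n' "$burst"
  printf 'iptables -A INPUT -p tcp --syn -j DROP\n'
}

# Kernel settings from the thread (conf.all only; the per-interface entries
# under conf.*/ follow the same pattern), as key=value lines.
desired_sysctl() {
  cat <<'EOF'
net.ipv4.tcp_syncookies=1
net.ipv4.icmp_echo_ignore_all=1
net.ipv4.conf.all.rp_filter=1
net.ipv4.conf.all.accept_redirects=0
net.ipv4.conf.all.send_redirects=0
EOF
}

# Read "key = value" lines (the output format of `sysctl -a`) on stdin and
# report every desired key whose live value differs. Returns 1 on any mismatch,
# which makes this usable as a post-reboot check that the hardening persisted.
audit_sysctl() {
  current=$(sed 's/[[:space:]]*=[[:space:]]*/=/')
  rc=0
  for want in $(desired_sysctl); do
    key=${want%%=*}
    have=$(printf '%s\n' "$current" | awk -F= -v k="$key" '$1 == k { print $2 }')
    [ "$have" = "${want#*=}" ] ||
      { echo "MISMATCH $key: want ${want#*=}, have ${have:-unset}"; rc=1; }
  done
  return $rc
}
```

Run `sysctl -a 2>/dev/null | audit_sysctl` after a reboot to confirm the settings stuck; note that ignoring all echo requests also hides the host from your own monitoring pings, so rate-limiting ICMP with iptables is often the better trade.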
Thanks a lot for the guidance. Normally described!