Need Help regarding DoS attacks
13 years 6 months ago #36872
by sarmadsoomro
Need Help regarding DoS attacks was created by sarmadsoomro
Dear Friends,
I am running a Counter Strike: Source game server on UDP 27015 using Windows 2003; at the back end I am using IPCop 1.4.21. I am facing several DoS attacks on my server, like (spp_frag3) Fragmentation overlap and (spp_frag3) Teardrop attack. Due to these attacks my ISP has blocked my IP, because the attacker is sending more than 50MB/sec and they can't bear the huge amount of data. Can you tell me how to prevent these attacks?
Thanks
13 years 6 months ago #36873
by sose
sose
Network Engineer
analysethis.co/index.php/forum/index
Replied by sose on topic Re: Need Help regarding DoS attacks
Maybe if you had properly complained to your ISP that you are facing a DoS attack, they could help you fish out the source IPs and block them before the attack gets to your pipe.
There are also techniques to mitigate these attacks, such as setting embryonic limits on firewalls that support such a feature, or agreeing a CIR (Committed Information Rate) on your link with your ISP to try and limit Ping traffic, etc. going down the link; it's like QoS on that link. If you are using a Cisco PIX, one can specify a function called emb_lim (embryonic limit), because the attack sets the target host in an embryonic state:
emb_lim (Optional) Specifies the maximum number of embryonic connections per host. The default is 0, which means unlimited embryonic connections. Limiting the number of embryonic connections protects you from a DoS attack. The security appliance uses the embryonic limit to trigger TCP Intercept, which protects inside systems from a DoS attack perpetrated by flooding an interface with TCP SYN packets. An embryonic connection is a connection request that has not finished the necessary handshake between source and destination. This option does not apply to outside NAT. The security appliance only tracks connections from a higher security interface to a lower security interface. If you set the embryonic limit for outside NAT, the embryonic limit will be ignored.
13 years 6 months ago #36875
by sarmadsoomro
Replied by sarmadsoomro on topic Re: Need Help regarding DoS attacks
I have applied the following rules; tell me, is it helpful and will it resolve my problem? I don't have enough knowledge about iptables.
$IPT -N logattacker
$IPT -A logattacker -j LOG --log-prefix "SRCDS:ATTACK " --log-ip-options -m limit --limit 2/sec
$IPT -A logattacker -j DROP
$IPT -A INPUT -p udp -m udp --dport 27015 -m length --length 0:32 -j logattacker
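Added example, not part of the original post: a Python script that tallies the drops the logattacker chain logs per source address, keeping the first LEN= field (the IP length) since the kernel log line carries LEN= twice for UDP. The log lines, hostname, the OTHER:DROP prefix and the addresses are constructed, and because the LOG rule is limited to 2/sec the counts are a sample of what was dropped, not a total.

```python
import re
from collections import Counter

PREFIX = "SRCDS:ATTACK "            # --log-prefix used by the logattacker chain
FIELD = re.compile(r"(\w+)=(\S*)")  # KEY=value pairs in a netfilter LOG line

# Constructed sample lines (MAC field trimmed); addresses are documentation ranges.
SAMPLE = """\
Jan 12 10:00:01 ipcop kernel: SRCDS:ATTACK IN=eth1 OUT= SRC=198.51.100.7 DST=203.0.113.10 LEN=28 TOS=0x00 PREC=0x00 TTL=52 ID=4321 PROTO=UDP SPT=40000 DPT=27015 LEN=8
Jan 12 10:00:01 ipcop kernel: SRCDS:ATTACK IN=eth1 OUT= SRC=198.51.100.7 DST=203.0.113.10 LEN=29 TOS=0x00 PREC=0x00 TTL=52 ID=4322 PROTO=UDP SPT=40000 DPT=27015 LEN=9
Jan 12 10:00:02 ipcop kernel: SRCDS:ATTACK IN=eth1 OUT= SRC=198.51.100.9 DST=203.0.113.10 LEN=28 TOS=0x00 PREC=0x00 TTL=49 ID=17 PROTO=UDP SPT=51234 DPT=27015 LEN=8
Jan 12 10:00:02 ipcop kernel: OTHER:DROP IN=eth1 OUT= SRC=192.0.2.5 DST=203.0.113.10 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=99 DF PROTO=TCP SPT=4444 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Jan 12 10:00:03 ipcop kernel: SRCDS:ATTACK IN=eth1 OUT= SRC=198.51.100.7 DST=203.0.113.10 LEN=28 TOS=0x00 PREC=0x00 TTL=52 ID=4323 PROTO=UDP SPT=40000 DPT=27015 LEN=8
"""


def parse(line):
    """Return the fields of one packet logged by logattacker, else None."""
    _, sep, rest = line.partition(PREFIX)
    if not sep:                          # written by some other rule
        return None
    fields = {}
    for key, value in FIELD.findall(rest):
        fields.setdefault(key, value)    # first LEN= is the IP length; keep it
    if fields.get("PROTO") != "UDP" or fields.get("DPT") != "27015":
        return None
    return fields


def summarise(log_text, min_hits=2):
    """Count logged drops per source; return (source, hits) with hits >= min_hits."""
    hits = Counter()
    for line in log_text.splitlines():
        fields = parse(line)
        if fields and "SRC" in fields:
            hits[fields["SRC"]] += 1
    return [(src, n) for src, n in hits.most_common() if n >= min_hits]


if __name__ == "__main__":
    for src, n in summarise(SAMPLE):
        print(f"{src}\t{n} logged drops")
```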
13 years 6 months ago #36882
by sose
Replied by sose on topic Re: Need Help regarding DoS attacks
Unfortunately I don't do iptables, but there are guys in the house that can tackle your problem. And this YouTube video will help you too.
Have a nice time.