Friday, July 17, 2015

debian - DDoS attack filter

I'm running a Debian Linux VPS server with a garrysmod server. Today I received a DDoS attack, and using tshark I was able to log the following:



4.213248 91.204.63.5 -> 176.58.101.xx UDP Source port: 28960 Destination pot: 28915

4.213252 194.146.132.110 -> 176.58.101.xx UDP Source port: 28960 Destinationport: 28915
4.213257 217.65.3.29 -> 176.58.101.xx UDP Source port: 28960 Destination pot: 28915
4.213261 208.167.240.68 -> 176.58.101.xx UDP Source port: 28960 Destination ort: 28915
4.213266 94.141.160.17 -> 176.58.101.xx QUAKE3 Connectionless Server to Clien
4.213270 83.217.192.242 -> 176.58.101.xx UDP Source port: 28960 Destination ort: 28915
4.213275 188.134.31.51 -> 176.58.101.xx UDP Source port: 28967 Destination prt: 28915
4.216109 208.167.xx4.111 -> 176.58.101.xx UDP Source port: 28960 Destinationport: 28915
4.216125 66.55.149.202 -> 176.58.101.xx UDP Source port: 28960 Destination prt: 28915
4.216133 208.167.xx4.27 -> 176.58.101.xx UDP Source port: 28960 Destination ort
4.216176 85.21.79.xx -> 176.58.101.xx UDP Source port: 28960 Destination pot: 28915

4.216183 208.167.xx4.127 -> 176.58.101.xx UDP Source port: 28960 Destinationport: 28915
4.216190 94.229.34.11 -> 176.58.101.xx UDP Source port: 28960 Destination pot: 28915
4.216197 91.203.178.84 -> 176.58.101.xx QUAKE3 Connectionless Server to Client


I just figured out that some packets use the Quake3 protocol, or something like it, which is strange since I'm not hosting any Quake server.
My question is: can I use iptables to filter the incoming packets that have that Quake3 connectionless protocol? If so, how?
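
Before choosing what a filter rule should match on, it helps to see which traits the logged packets share. The following is an added example, not part of the original post: it tallies tshark one-line summaries by source, protocol and port, tolerating the cut-off fields seen in the capture above. The sample lines, the addresses and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the tshark summary layout shown above. Addresses are
# documentation ranges; some lines are cut short as in the original capture.
SAMPLE = """\
4.213248 192.0.2.5 -> 203.0.113.10 UDP Source port: 28960 Destination pot: 28915
4.213252 198.51.100.110 -> 203.0.113.10 UDP Source port: 28960 Destinationport: 28915
4.213266 192.0.2.17 -> 203.0.113.10 QUAKE3 Connectionless Server to Clien
4.213275 198.51.100.51 -> 203.0.113.10 UDP Source port: 28967 Destination prt: 28915
4.216133 192.0.2.27 -> 203.0.113.10 UDP Source port: 28960 Destination ort
"""

LINE = re.compile(r"^\s*\d+\.\d+\s+(\S+)\s+->\s+(\S+)\s+(\S+)\s*(.*)$")
SPORT = re.compile(r"Source port:\s*(\d+)")
# The label is sometimes truncated ("Destination pot:"), so accept any word.
DPORT = re.compile(r"Destination\s*\w*:\s*(\d+)")

def summarize(text):
    """Tally sources, protocols and ports from tshark one-line summaries."""
    out = {"packets": 0, "sources": set(), "proto": Counter(),
           "sport": Counter(), "dport": Counter()}
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # blank or unparseable line
        src, _dst, proto, info = m.groups()
        out["packets"] += 1
        out["sources"].add(src)
        out["proto"][proto] += 1
        for key, rx in (("sport", SPORT), ("dport", DPORT)):
            hit = rx.search(info)
            if hit:  # port fields are absent on dissected or truncated lines
                out[key][int(hit.group(1))] += 1
    return out

def dominant(counter, total):
    """Return (value, share of all packets) for the most common value."""
    if not counter or not total:
        return None, 0.0
    value, n = counter.most_common(1)[0]
    return value, n / total

if __name__ == "__main__":
    s = summarize(SAMPLE)
    print("packets:", s["packets"], "distinct sources:", len(s["sources"]))
    print("protocols:", dict(s["proto"]))
    print("top source port:", dominant(s["sport"], s["packets"]))
    print("top destination port:", dominant(s["dport"], s["packets"]))
```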
