Hi everyone, I am new to Linux Questions and to Linux.
One of my servers is under a DoS or DDoS attack, a UDP flood. I want to implement the iptables rules provided by my server provider.
Cisco ASA 5505 >> Windows and Linux servers
Same subnet and same gateway for both
Default gateway xxx.xxx.213.129
Linux CentOS xxx.xxx.213.130
Windows server xxx.xxx.213.131
It's all in a datacenter.
Right now, outside and inside traffic comes through the Cisco to all servers.
I want to implement:
Cisco >>> Linux >>> Windows
Server is listening on UDP port 1805 for encrypted packets, but hackers send a lot of data to this port, assuming that there is a SIP server.
Such hack attempts block the tunnel service and good clients cannot connect to it.
To protect our customers from such DoS attacks, please add at least the following rules to your firewall:
block SIP requests REGISTER, INVITE, SUBSCRIBE that come to UDP port 1805
block more than 50pps from one IP for UDP port 1805 (one IP is not able to send more than 50 packets per second for this port)
Here are sample Linux netfilter rules for such an issue:
SERVER_IP - IP address of voipswitch server
iptables -A FORWARD -m string --string "INVITE sip:" --algo bm --to 65 -p udp --dport 1805 -d SERVER_IP -j DROP
iptables -A FORWARD -m string --string "REGISTER sip:" --algo bm --to 65 -p udp --dport 1805 -d SERVER_IP -j DROP
iptables -A FORWARD -m string --string "SUBSCRIBE" --algo bm --to 65 -p udp --dport 1805 -d SERVER_IP -j DROP
iptables -A FORWARD -m string --string "MESSAGE" --algo bm --to 65 -p udp --dport 1805 -d SERVER_IP -j DROP
iptables -A FORWARD -m string --string "OPTIONS" --algo bm --to 65 -p udp --dport 1805 -d SERVER_IP -j DROP
iptables -A FORWARD -m hashlimit --hashlimit 50/sec --hashlimit-mode srcip,dstport --hashlimit-name tunnel_limit -d SERVER_IP -p UDP --dport 1805 -j ACCEPT
iptables -A FORWARD -d SERVER_IP -p UDP --dport 1805 -j DROP
Now I have implemented these rules. When I send UDP packets to the Linux server xxx.xxx.213.130, it does not forward them to the Windows machine.
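Added example, not part of the original post or the provider's text: a simplified Python model of the rule order quoted above (SIP string DROP rules, then hashlimit ACCEPT, then the final DROP), replayed over constructed traffic. It assumes a 20-byte IPv4 header plus 8-byte UDP header so that `--to 65` covers the first 37 payload bytes, a pattern lying wholly inside that window, and hashlimit's default burst of 5; the class, function names and addresses are hypothetical.

```python
# Added example: simplified model of the provider's FORWARD rules for UDP/1805.
from collections import defaultdict

SIP_PATTERNS = [b"INVITE sip:", b"REGISTER sip:", b"SUBSCRIBE", b"MESSAGE", b"OPTIONS"]
HEADER_BYTES = 20 + 8      # assumption: IPv4 header without options + UDP header
SEARCH_TO = 65             # --to 65, counted from the start of the IP header
RATE_PER_SEC = 50          # --hashlimit 50/sec
BURST = 5                  # hashlimit default when --hashlimit-burst is not given
COST_US = 1_000_000 // RATE_PER_SEC   # credit one packet costs, in microseconds
CAP_US = BURST * COST_US              # a bucket never holds more than the burst


class TunnelFilter:
    """Verdict for packets already addressed to SERVER_IP, UDP port 1805."""

    def __init__(self):
        # One bucket per source IP (mode srcip,dstport with the port fixed).
        self.buckets = {}

    def verdict(self, ts_us, src_ip, payload):
        # Rules 1-5: string match only inside the searched window.
        window = payload[:SEARCH_TO - HEADER_BYTES]
        if any(p in window for p in SIP_PATTERNS):
            return "DROP-sip"
        # Rule 6: per-source token bucket; integer credits avoid float drift.
        credit, last = self.buckets.get(src_ip, (CAP_US, ts_us))
        credit = min(CAP_US, credit + (ts_us - last))
        if credit >= COST_US:
            self.buckets[src_ip] = (credit - COST_US, ts_us)
            return "ACCEPT"
        # Rule 7: over the limit, falls through to the final DROP.
        self.buckets[src_ip] = (credit, ts_us)
        return "DROP-rate"


def replay(packets):
    """Count verdicts per (source, verdict) for (ts_us, src, payload) tuples."""
    flt, counts = TunnelFilter(), defaultdict(int)
    for ts_us, src, payload in packets:
        counts[(src, flt.verdict(ts_us, src, payload))] += 1
    return dict(counts)


def sample_traffic():
    # Constructed traffic; addresses are from the documentation ranges.
    tunnel = b"\x17\x03" + bytes(range(60))      # stand-in for encrypted data
    pkts = [(i * 25_000, "192.0.2.10", tunnel) for i in range(40)]       # 40 pps
    pkts += [(i * 1_000, "198.51.100.7", tunnel) for i in range(1000)]   # 1000 pps
    pkts += [(500_000, "203.0.113.9", b"REGISTER sip:pbx.example SIP/2.0\r\n")]
    return sorted(pkts, key=lambda p: p[0])
```

Calling `replay(sample_traffic())` shows the 40 pps client passing untouched while the 1000 pps source is cut to roughly the configured rate plus the initial burst. The dropped packets still reach the filtering host's link, so the model says nothing about bandwidth exhaustion upstream.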
It won't help, because the UDP flood will come anyway, and the port will be overloaded.
You can really solve your problem if your ISP would block the IPs from which the flood comes on their equipment. But ISPs don't like to do it. It will overload their routers as well.
You can try to FORWARD through your Linux firewall ONLY traffic from customers' IPs (if you know them); in that case you will unload the port on the equipment next to the firewall. But if the flood takes all your bandwidth, it won't help either.
By "Linux firewall" I meant an ordinary computer with 2 Ethernet cards and Linux OS. Linux by default has iptables, which sometimes works better and more stably than an expensive "special firewall".
So all you need is to give iptables FORWARD rules to let through only your IPs and to DROP the others.
The ASA 5505 doesn't help, but I am testing one new scenario and will update you on it. We can create a VPN tunnel and all dialers can log in normally, as the VoIP switch tunnel works. And wittold, I cannot find him either for 3 weeks, and they are all helpless. I have already sent a request to my data center to update my Linux server and add another network adapter to it. I hope they will add it shortly, and then I will configure an invisible firewall on it for pps. Maybe it will help; if it does not, too bad, but the other way, VPN tunneling, is a possibility to implement on all our dialers. The same dialer without the tunnel will do tunneling from the Cisco. I am not sure, but we are testing. I hope there will be some good results.
Most probably the hacker is from talkfree, and I don't think it is from vbuzzer, because their services are also affected. They have one more brand, ringomax. We are already taking all the details and compiling them to file with the FBI.