Hi everyone, I am new to LinuxQuestions and to Linux.
One of my servers is under a DoS or DDoS attack (UDP flood). I want to implement the iptables rules which were provided by the provider of my server.
Cisco ASA 5505 >> Windows and Linux servers
Same subnet and same gateway for both
Default gateway xxx.xxx.213.129
Linux CentOS xxx.xxx.213.130
Windows server xxx.xxx.213.131
It's all in a datacenter.
Now outside and inside traffic comes through the Cisco on all servers.
I want to implement:
Cisco >>> Linux >>> Windows
The server is listening on UDP port 1805 for encrypted packets, but hackers send a lot of data to this port, assuming that there is a SIP server.
Such hack attempts block the tunnel service, and good clients cannot connect to it.
To protect our customers from such DoS attacks, please add at least the following rules to your firewall:
block SIP requests REGISTER, INVITE, SUBSCRIBE that come to UDP port 1805
block more than 50pps from one IP for UDP port 1805 (one IP is not able to send more than 50 packets per second for this port)
Here are sample Linux netfilter rules for such an issue:
SERVER_IP - IP address of voipswitch server
iptables -A FORWARD -m string --string "INVITE sip:" --algo bm --to 65 -p udp --dport 1805 -d SERVER_IP -j DROP
iptables -A FORWARD -m string --string "REGISTER sip:" --algo bm --to 65 -p udp --dport 1805 -d SERVER_IP -j DROP
iptables -A FORWARD -m string --string "SUBSCRIBE" --algo bm --to 65 -p udp --dport 1805 -d SERVER_IP -j DROP
iptables -A FORWARD -m string --string "MESSAGE" --algo bm --to 65 -p udp --dport 1805 -d SERVER_IP -j DROP
iptables -A FORWARD -m string --string "OPTIONS" --algo bm --to 65 -p udp --dport 1805 -d SERVER_IP -j DROP
iptables -A FORWARD -m hashlimit --hashlimit 50/sec --hashlimit-mode srcip,dstport --hashlimit-name tunnel_limit -d SERVER_IP -p UDP --dport 1805 -j ACCEPT
iptables -A FORWARD -d SERVER_IP -p UDP --dport 1805 -j DROP
Now I have implemented these rules. When I send UDP packets to the Linux machine xxx.xxx.213.130, it does not forward them to the Windows machine.
It won't help, because the UDP flood will come anyway, and the port will be overloaded.
You can really solve your problem if your ISP would block the IPs from which the flood comes on their equipment. But ISPs don't like to do it. It will overload their routers as well.
You can try to FORWARD through your Linux firewall ONLY traffic from customers' IPs (if you know them); in that case you will unload the port on the equipment next to the firewall. But if the flood takes all your bandwidth, it won't help either.
By "Linux firewall" I meant an ordinary computer with 2 Ethernet cards and Linux OS. Linux by default has iptables, which sometimes works better and more stably than an expensive "special firewall".
So all you need is to give iptables FORWARD rules to filter only your IPs and to DROP others.
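The reply's customer allowlist combined with the provider's string and hashlimit rules, as an added example that is not part of the thread: a shell function that prints an iptables-restore ruleset in which only listed sources reach the SIP drops and the 50 pps limit. It assumes the two-card Linux firewall actually routes traffic to the server (net.ipv4.ip_forward=1), because the FORWARD chain never sees packets addressed to the firewall's own IP; the chain names TUNNEL and TUNNEL_CHECK and the sample addresses are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Prints an iptables-restore ruleset for a
# Linux box that ROUTES traffic to the tunnel server (two NICs, ip_forward=1).
# Usage: gen_tunnel_rules SERVER_IP [CUSTOMER_SRC ...]
# TUNNEL and TUNNEL_CHECK are hypothetical chain names.
rule() { printf '%s\n' "$*"; }

gen_tunnel_rules() {
    [ $# -ge 1 ] || { echo "usage: gen_tunnel_rules SERVER_IP [SRC ...]" >&2; return 2; }
    server_ip=$1; shift
    rule "*filter"
    rule ":TUNNEL - [0:0]"
    rule ":TUNNEL_CHECK - [0:0]"
    # Only tunnel traffic headed for the server enters the filtering chains.
    rule "-A FORWARD -d $server_ip -p udp --dport 1805 -j TUNNEL"
    if [ $# -gt 0 ]; then
        # Allowlist: a cheap source match runs before any payload inspection.
        for src in "$@"; do
            rule "-A TUNNEL -s $src -j TUNNEL_CHECK"
        done
        rule "-A TUNNEL -j DROP"
    else
        # No customer list known: every source is inspected and rate limited.
        rule "-A TUNNEL -j TUNNEL_CHECK"
    fi
    # SIP probes are dropped before the rate limit, so they never use up tokens.
    for method in "INVITE sip:" "REGISTER sip:" SUBSCRIBE MESSAGE OPTIONS; do
        rule "-A TUNNEL_CHECK -m string --string \"$method\" --algo bm --to 65 -j DROP"
    done
    # At most 50 packets per second per source IP; anything above is dropped.
    rule "-A TUNNEL_CHECK -m hashlimit --hashlimit 50/sec --hashlimit-mode srcip,dstport --hashlimit-name tunnel_limit -j ACCEPT"
    rule "-A TUNNEL_CHECK -j DROP"
    rule "COMMIT"
}

# Constructed sample values (documentation address ranges, not from the thread).
gen_tunnel_rules 192.0.2.131 198.51.100.0/24 203.0.113.7
```

Pipe the output to `iptables-restore --test` to check the syntax before loading it; loading with `--noflush` keeps the rules already in the filter table.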
The ASA 5505 doesn't help, but I am testing one new scenario and will update you on it. We can create a VPN tunnel, and all dialers can log in normally as the voipswitch tunnel works. And Wittold, I cannot find him either for 3 weeks, and they are all helpless. I already sent a request to my data center to update my Linux server and add another network adapter to it. I hope they will add it shortly, and then I will configure an invisible firewall on it for pps. Maybe it will help; if it does not, that's bad, but the other way is VPN tunneling, which is a possibility to implement on all our dialers. The same dialer without the tunnel will do tunneling from the Cisco. I am not sure, but we are testing, and I hope there will be some good results.
Most probably the hacker is from talkfree, and I don't think it is from vbuzzer, because their services are also affected. They have one more brand, ringomax. We are already taking all the details and compiling them to file with the FBI.