LinuxQuestions.org
Old 02-21-2008, 02:37 AM   #1
ddaas
Member
 
Registered: Oct 2004
Location: Romania
Distribution: Ubuntu server, FreeBsd
Posts: 452

Rep: Reputation: 30
DOS protection (fudp)


Hi there,
I've tested in my LAN fudp - a utility which performs udp flooding DOS.

I was surprised that the CPU of the target gets over 90% used. The surprise was higher as I blocked all incoming traffic (iptables -I INPUT -j DROP).

Is there a possibility to avoid such an attack?

thanks
 
Old 02-21-2008, 09:20 PM   #2
gilead
Senior Member
 
Registered: Dec 2005
Location: Brisbane, Australia
Distribution: Slackware64 14.0
Posts: 4,123

Rep: Reputation: 151
You should be able to limit the connection rate (I'm assuming it works for UDP in a similar way to TCP with iptables). There's more info here:
http://zedomax.com/blog/2007/12/03/d...ur-web-server/
http://forum.soft32.com/linux2/DOS-A...pict44359.html
http://help.lockergnome.com/linux/DO...ict470153.html
 
Old 02-21-2008, 11:13 PM   #3
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371
Quote:
Originally Posted by gilead
You should be able to limit the connection rate (I'm assuming it works for UDP in a similar way to TCP with iptables).
The way I understood it, he's not accepting any connections at all.

The iptables rule he posted would send all packets (regardless of protocol) to DROP.

Last edited by win32sux; 02-21-2008 at 11:14 PM.
 
Old 02-22-2008, 02:27 AM   #4
ddaas
Member
 
Registered: Oct 2004
Location: Romania
Distribution: Ubuntu server, FreeBsd
Posts: 452

Original Poster
Rep: Reputation: 30
Quote:
Originally Posted by win32sux
The way I understood it, he's not accepting any connections at all.

The iptables rule he posted would send all packets (regardless of protocol) to DROP.
Exactly, I DROP anything on INPUT. You could try it and observe the CPU.
Netfilter consumes very much processor trying to drop such a great amount of traffic.

It drops on INPUT but the packets still traverse the PREROUTING chain, then comes the routing decision and then it gets dropped.

A second problem is that in such a case all your downstream traffic is consumed by the flooded packets. Is this right?
 
Old 02-22-2008, 06:40 AM   #5
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371
Quote:
Originally Posted by ddaas
A second problem is that in such a case all your downstream traffic is consumed by the flooded packets. Is this right?
Right, but there isn't anything you could do about that without help from your ISP.

I'm hoping someone might shed some light on the CPU usage issue, though.

BTW, what kind of CPU is it?
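
One way to see where the CPU time discussed in this thread goes while the flood is running, as an added example that is not part of any post: it compares two samples of the aggregate `cpu` line of `/proc/stat` and sums the per-CPU counters in `/proc/net/softnet_stat`. The function names and all sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): show where CPU time goes during a
# packet flood. Function names and sample values are constructed.

# cpu_share BEFORE AFTER: each argument is the aggregate "cpu" line of
# /proc/stat. Prints integer percentages "user system irq softirq idle"
# for the interval (nice is counted as user; steal/guest are ignored).
cpu_share() {
    printf '%s\n%s\n' "$1" "$2" | awk '
        NR == 1 { for (i = 2; i <= 8; i++) a[i] = $i }
        NR == 2 {
            for (i = 2; i <= 8; i++) { d[i] = $i - a[i]; total += d[i] }
            if (total <= 0) { print "0 0 0 0 0"; exit }
            printf "%d %d %d %d %d\n", 100 * (d[2] + d[3]) / total,
                100 * d[4] / total, 100 * d[7] / total,
                100 * d[8] / total, 100 * d[5] / total
        }'
}

# softnet_totals: reads /proc/net/softnet_stat text on stdin (one line per
# CPU, hex columns) and prints "processed dropped time_squeeze" summed
# over all CPUs ("dropped" = the input backlog queue was full).
softnet_totals() {
    p=0; d=0; s=0
    while read -r c1 c2 c3 _rest; do
        [ -n "$c1" ] || continue
        p=$((p + 0x$c1)); d=$((d + 0x$c2)); s=$((s + 0x$c3))
    done
    echo "$p $d $s"
}

# Constructed samples: two /proc/stat "cpu" lines taken some seconds apart,
# and a two-CPU softnet_stat snapshot.
STAT_BEFORE='cpu 1000 0 500 8000 100 50 350 0'
STAT_AFTER='cpu 1020 0 560 8080 100 70 1170 0'
SOFTNET='0004c4b4 00000000 0000012c 00000000 00000000 00000000 00000000 00000000 00000000
000003e8 00000010 00000000 00000000 00000000 00000000 00000000 00000000 00000000'

echo "user system irq softirq idle: $(cpu_share "$STAT_BEFORE" "$STAT_AFTER")"
echo "processed dropped time_squeeze: $(printf '%s\n' "$SOFTNET" | softnet_totals)"
# Live use: a=$(grep '^cpu ' /proc/stat); sleep 5; b=$(grep '^cpu ' /proc/stat)
#           cpu_share "$a" "$b"; softnet_totals < /proc/net/softnet_stat
```

A high softirq share means the time is spent in the kernel's deferred interrupt work, which includes network receive processing, rather than in a user process.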
 
  

