By Guest house
Hi
On my router:
Tomato v1.28.0000 MIPSR2-2.4-123 K26 USB AIO
========================================================
Welcome to the Netgear WNR3500L v2 [TomatoUSB]
# uname -a
Linux unknown 2.6.22.19 #4 Wed Oct 29 11:33:28 CET 2014 mips GNU/Linux
I have a problem with a DDoS attack. From time to time, usually every day between 6 p.m. and 01:00 a.m., somebody is attacking. I'm not sure whether he is attacking from only one IP address or many.
I have no proper rules for my iptables and I'm not sure exactly how to defend against this kind of attack.
I think this kind of attack is not on TCP but on the UDP protocol. Why? Because I think somebody is trying to DDoS my TeamSpeak v3 server behind that router. If TeamSpeak is turned off, there is no DDoS attack at all; my router is alive and not under heavy traffic.
Using iptables && conntrack I have a problem, because my iptables rules are not accepted, because I have no conntrack:
# iptables -t mangle -A PREROUTING -m conntrack --ctstate INVALID -j DROP
iptables v1.3.8: Couldn't load match `conntrack':File not found
Try `iptables -h' or 'iptables --help' for more information.
That is weird because I think I have it:
# lsmod | grep conntrack
nf_conntrack_h323 37152 0
nf_conntrack_ipv6 14176 3
# modprobe -l | grep conntrack
/lib/modules/2.6.22.19/kernel/net/netfilter/nf_conntrack_h323.ko
/lib/modules/2.6.22.19/kernel/net/netfilter/nf_conntrack_proto_gre.ko
/lib/modules/2.6.22.19/kernel/net/netfilter/nf_conntrack_sip.ko
/lib/modules/2.6.22.19/kernel/net/ipv6/netfilter/nf_conntrack_ipv6.ko
/lib/modules/2.6.22.19/kernel/net/netfilter/nf_conntrack_ftp.ko
/lib/modules/2.6.22.19/kernel/net/netfilter/nf_conntrack_pptp.ko
/lib/modules/2.6.22.19/kernel/net/netfilter/nf_conntrack_rtsp.ko
So if I have it, I don't know how to load this module for IPv4.
# ll -a /lib/modules/2.6.22.19/kernel/net/ipv4/
drwxr-xr-x 3 root root 191 Oct 29 2014 ./
drwxr-xr-x 9 root root 105 Oct 29 2014 ../
-rw-r--r-- 1 root root 7704 Oct 29 2014 ah4.ko
-rw-r--r-- 1 root root 9288 Oct 29 2014 esp4.ko
-rw-r--r-- 1 root root 9160 Oct 29 2014 ipcomp.ko
drwxr-xr-x 2 root root 593 Oct 29 2014 netfilter/
-rw-r--r-- 1 root root 5344 Oct 29 2014 tcp_vegas.ko
-rw-r--r-- 1 root root 5176 Oct 29 2014 tunnel4.ko
-rw-r--r-- 1 root root 3284 Oct 29 2014 xfrm4_mode_beet.ko
-rw-r--r-- 1 root root 2388 Oct 29 2014 xfrm4_mode_transport.ko
-rw-r--r-- 1 root root 3292 Oct 29 2014 xfrm4_mode_tunnel.ko
-rw-r--r-- 1 root root 3956 Oct 29 2014 xfrm4_tunnel.ko
modprobe -a /lib/modules/2.6.22.19/kernel/net/ipv4/ <doesn't exist nf_conntrack_ipv4.ko>
So my question is: how do I load conntrack IPv4 to get iptables working with it for UDP?
How do I set proper rules for dropping UDP traffic with iptables?
How do I configure my router to defend against that DDoS?