I want to share my plan for how we could improve our security against DoS and DDoS attacks; we have already created thousands of threads along the lines of "how our asses were kicked by DoS/DDoS attacks".
So first we need to whitelist ourselves, block everything, and leave open only what we need.
Whitelist ourselves:
sudo iptables -A INPUT --source 123.123.123.123 -j ACCEPT
Blocking everything:
sudo iptables -P INPUT DROP
Whitelist UnrealSoftware:
sudo iptables -A INPUT --source 85.214.102.60 -j ACCEPT
(OPTIONAL) Limit packet size:
sudo iptables -A INPUT -p udp --sport 36963:36970 -m length --length 0:28 -j DROP
sudo iptables -A INPUT -p udp --sport 36963:36970 -m length --length 1200:65535 -j DROP
Allowing CS2D users to play on our server:
sudo iptables -A INPUT -p udp --sport 36963:36970 -j ACCEPT
But there is a problem: if a player changes his port to something random like 54312, he won't be able to join our server. I would like to ask DC if he could change the port range to a smaller one.
I already posted something like this in Ideas for CS2D - READ THE FIRST POST (OP)! but I was ignored.
A bit later I sent him a private message, and it seems he didn't like the idea of changing the port range, because it could lead to some problems.
So what problems could those be?
ISP blocks the port.
Some kind of program is using this port.
USGN was attacked, port 36963 went down, and the port was changed to e.g. 50000.
Solutions
Well, no problem with the ISP: you could just call them and ask them to remove the block.
Program using port 36963? Then change your port to 36964.
USGN was attacked? Lol.. Then we wait until DC finds a way to block the attack.
Toys like LOIC, UDP Unicorn and others send packets with random source ports, and that is where our great wall will help us.
The same goes for DDoS.
DC says that a real hacker would change the source port from which the attack is launched. Well... okay, one hacker bypasses it and thousands of others don't, thanks to our wall.
WAITING FOR OPINIONS
edited 2×, last 08.09.15 03:36:33 pm
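As an added example (not code from the original post, and not from UnrealSoftware or CS2D), here is the same plan as a single shell script that installs the rules in a lockout-safe order. It differs from the post in two ways a practitioner would want: loopback and already-established traffic are accepted before the default DROP policy is set, because otherwise `-P INPUT DROP` also kills the replies to the server's own outbound traffic (DNS, updates, anything the box initiates); and the packet-size filters are keyed to the server's game port rather than the client source-port range, so they apply to every flood aimed at that port. The server game port 36963/udp and the environment variable names are assumptions; the admin and USGN addresses are the ones the post uses.

```shell
#!/bin/sh
# Added example, not from the original post. Builds the post's iptables
# ruleset in the order that avoids locking yourself out.
# Assumptions (not stated in the post): the server listens on 36963/udp,
# and the variable names below are ours. Override via the environment.

ADMIN_IP="${ADMIN_IP:-123.123.123.123}"      # our own address (post's example)
USGN_IP="${USGN_IP:-85.214.102.60}"          # UnrealSoftware / USGN (from the post)
SERVER_PORT="${SERVER_PORT:-36963}"          # assumed CS2D server port
CLIENT_PORTS="${CLIENT_PORTS:-36963:36970}"  # client source-port range from the post

# Print the rules, one per line, in the exact order they must be applied.
# Order matters: the size filters sit before the ESTABLISHED accept so
# they hit every packet to the game port, and the DROP policy comes last.
build_rules() {
  cat <<EOF
iptables -F INPUT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate INVALID -j DROP
iptables -A INPUT -p udp --dport $SERVER_PORT -m length --length 0:28 -j DROP
iptables -A INPUT -p udp --dport $SERVER_PORT -m length --length 1200:65535 -j DROP
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -s $ADMIN_IP -j ACCEPT
iptables -A INPUT -s $USGN_IP -j ACCEPT
iptables -A INPUT -p udp --dport $SERVER_PORT --sport $CLIENT_PORTS -j ACCEPT
iptables -P INPUT DROP
EOF
}

# Sanity check run before applying: loopback accept precedes the
# ESTABLISHED accept, which precedes the game-port rule, and the
# default-DROP policy is the very last line. Returns 0 when ordered.
rules_are_ordered() {
  build_rules | awk '
    /-i lo -j ACCEPT/     { lo = NR }
    /ESTABLISHED,RELATED/ { est = NR }
    /--sport/             { game = NR }
    /-P INPUT DROP/       { drop = NR }
    END { exit !(lo < est && est < game && game == drop - 1 && drop == NR) }'
}

# Dry run by default (prints the rules). Pass "apply" to execute them;
# that needs root, e.g. "sudo sh ddos_rules.sh apply".
main() {
  rules_are_ordered || { echo "rule order check failed" >&2; return 1; }
  if [ "${1:-}" = "apply" ]; then
    build_rules | while IFS= read -r rule; do
      $rule || { echo "failed: $rule" >&2; exit 1; }
    done
  else
    build_rules
  fi
}

main "$@"
```

Running `sh ddos_rules.sh` prints the ten rules so you can review them; `sudo sh ddos_rules.sh apply` installs them. Note that an unsolicited UDP flood to the game port never becomes ESTABLISHED (the server never answers a packet that was dropped), so those packets still have to pass the client source-port rule and otherwise fall through to the DROP policy, which is exactly the effect the post is after.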