ddos - OnkarRajput/DDOS GitHub Wiki

http://itsimple.info/?p=368

http://www.ndimensionz.com/kb/ddos-attck-prevention-in-linux-servers/

https://linoxide.com/firewall/block-common-attacks-iptables/

https://javapipe.com/ddos/blog/iptables-ddos-protection/

Reject spoofed packets

iptables -A INPUT -s 10.0.0.0/8 -j DROP

iptables -A INPUT -s 169.254.0.0/16 -j DROP

iptables -A INPUT -s 172.16.0.0/12 -j DROP

iptables -A INPUT -i eth0 -s 127.0.0.0/8 -j DROP

iptables -A INPUT -s 224.0.0.0/4 -j DROP

iptables -A INPUT -d 224.0.0.0/4 -j DROP

iptables -A INPUT -s 240.0.0.0/5 -j DROP

iptables -A INPUT -d 240.0.0.0/5 -j DROP

iptables -A INPUT -s 0.0.0.0/8 -j DROP

iptables -A INPUT -d 0.0.0.0/8 -j DROP

iptables -A INPUT -d 239.255.255.0/24 -j DROP

iptables -A INPUT -d 81.110.111.190 -j DROP

Stop smurf attacks

iptables -A INPUT -p icmp -m icmp --icmp-type address-mask-request -j DROP

iptables -A INPUT -p icmp -m icmp --icmp-type timestamp-request -j DROP

iptables -A INPUT -p icmp -m icmp -j DROP

Drop all invalid packets

iptables -A INPUT -m state --state INVALID -j DROP

iptables -A FORWARD -m state --state INVALID -j DROP

iptables -A OUTPUT -m state --state INVALID -j DROP

Drop excessive RST packets to avoid smurf attacks

iptables -A INPUT -p tcp -m tcp --tcp-flags RST RST -m limit --limit 2/second --limit-burst 2 -j ACCEPT

Attempt to block portscans

Anyone who tried to portscan us is locked out for an entire day.

iptables -A INPUT -m recent --name portscan --rcheck --seconds 86400 -j DROP

iptables -A FORWARD -m recent --name portscan --rcheck --seconds 86400 -j DROP

iptables -A INPUT -i eth0 -p tcp –tcp-flags ALL ACK,RST,SYN,FIN -j DROP

iptables -A INPUT -i eth0 -p tcp –tcp-flags SYN,FIN SYN,FIN -j DROP

iptables -A INPUT -i eth0 -p tcp –tcp-flags SYN,RST SYN,RST -j DROP

iptables -A INPUT -m state –state INVALID -j DROP

iptables -A INPUT -p tcp --syn -m limit --limit 1/s --limit-burst 3 -j RETURN

Interface 0 incoming syn-flood protection

iptables -N syn_flood

iptables -A INPUT -p tcp --syn -j syn_flood

iptables -A syn_flood -m limit --limit 1/s --limit-burst 3 -j RETURN

iptables -A syn_flood -j DROP

#Limiting the incoming icmp ping request: iptables -A INPUT -p icmp -m limit --limit 1/s --limit-burst 1 -j ACCEPT

iptables -A INPUT -p icmp -m limit --limit 1/s --limit-burst 1 -j LOG --log-prefix PING-DROP:

iptables -A INPUT -p icmp -j DROP

iptables -A OUTPUT -p icmp -j ACCEPT

iptables -I INPUT -p tcp -s 0/0 -d $SERVER_IP --sport 513:65535 --dport 22 -m state --state NEW,ESTABLISHED -m recent --set -j ACCEPT iptables -I INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 600 --hitcount 11 -j DROP