syn flood [SOLVED]

1. syn flood [SOLVED]

Daniel
danielcrvg

(uses Slackware)

Sent on 23/08/2012 - 22:38

Guys, I use Firestarter as my firewall and LOTS of packets from foreign IPs are arriving over TCP... I really suspect a flood attempt...

I'd like to paste the Firestarter screenshot here for you to see, but I don't know how... anyway, the little lightning bolt there keeps going RED constantly... so I want to configure iptables to block these packets that are arriving...

But I don't know how to configure iptables for this without affecting my home computer... if anyone has some good configurations, please paste them so I can block this stuff here, because a lot of it is arriving!!!!!

IPs:

23.66.231.25
184.173.174.140
178.255.83.2
178.255.83.1
50.116.194.21
23.1.69.186


PS: I set Google's and OpenDNS's DNS servers, I don't know if that has any influence on what's happening...


Thanks in advance.



2. BEST ANSWER

Profile removed
removed

(uses None)

Sent on 23/08/2012 - 23:05

The solution for SYN flood attacks is to do what is described in the command below:

echo 1 > /proc/sys/net/ipv4/tcp_syncookies


For more information about this attack, read the article at the link below (but read all the pages), as it will clarify your ideas enough:

http://www.vivaolinux.com.br/artigo/Iptables-protege-contra-SYN-FLOOD/?pagina=1

3. Re: syn flood [SOLVED]

Daniel
danielcrvg

(uses Slackware)

Sent on 24/08/2012 - 09:32

I read the file... but I'm a beginner, I'd like to know how to do this configuration...


Can you "paste" your iptables so I can make mine the same???




4. Re: syn flood [SOLVED]

Daniel
danielcrvg

(uses Slackware)

Sent on 24/08/2012 - 10:51

See if it's good this way...


At least the packets from those IPs stopped arriving :P

-------------

#!/bin/bash

################################################################################
#################### Start of Firewall - Desktop ###############################
################################################################################
/sbin/modprobe ip_nat
/sbin/modprobe ip_nat_ftp
/sbin/modprobe ip_queue
/sbin/modprobe ip_conntrack
/sbin/modprobe ip_conntrack_ftp
/sbin/modprobe ip_tables
/sbin/modprobe iptable_filter
/sbin/modprobe iptable_nat
/sbin/modprobe iptable_mangle
/sbin/modprobe ipt_state
/sbin/modprobe ipt_limit
/sbin/modprobe ipt_multiport
/sbin/modprobe ipt_mac
/sbin/modprobe ipt_string
## Flushing the existing rules #######
/sbin/iptables -F
/sbin/iptables -t nat -F
/sbin/iptables -t mangle -F
/sbin/iptables -t filter -F
/sbin/iptables -X
/sbin/iptables -Z

## Setting the default policy (deny input, allow output)
/sbin/iptables -P INPUT DROP
/sbin/iptables -P OUTPUT ACCEPT
/sbin/iptables -P FORWARD ACCEPT

# Variables: (put your network interface here)
iface_ext=eth0
iface_int=eth1

################################################################################
######################## Protects against assorted attacks #####################
################################################################################

###### Protects against synflood
# Note: this rule is in the FORWARD chain, so it only limits SYNs routed through
# this host; SYNs addressed to the host itself go through INPUT, not FORWARD.
/sbin/iptables -A FORWARD -p tcp --syn -m limit --limit 1/s -j ACCEPT
echo 1 > /proc/sys/net/ipv4/tcp_syncookies

###### Protection against ICMP broadcasting
#echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
#echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
###### Protection against IP spoofing
echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter

###### Assorted protection against port scanners, ping of death, DoS attacks, malformed packets, etc.
#/sbin/iptables -A FORWARD -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT
#/sbin/iptables -A INPUT -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT
#/sbin/iptables -A INPUT -i $iface_ext -p icmp --icmp-type echo-reply -m limit --limit 1/s -j DROP
/sbin/iptables -A FORWARD -p tcp -m limit --limit 1/s -j ACCEPT
/sbin/iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j ACCEPT
/sbin/iptables -A FORWARD --protocol tcp --tcp-flags ALL SYN,ACK -j DROP
/sbin/iptables -A INPUT -m state --state INVALID -j DROP
/sbin/iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# VALID_CHECK drops packets with impossible TCP flag combinations. Note: the chain
# is created here but nothing in this script jumps to it (-j VALID_CHECK).
/sbin/iptables -N VALID_CHECK
/sbin/iptables -A VALID_CHECK -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP
/sbin/iptables -A VALID_CHECK -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP
/sbin/iptables -A VALID_CHECK -p tcp --tcp-flags ALL ALL -j DROP
/sbin/iptables -A VALID_CHECK -p tcp --tcp-flags ALL FIN -j DROP
/sbin/iptables -A VALID_CHECK -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
/sbin/iptables -A VALID_CHECK -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
/sbin/iptables -A VALID_CHECK -p tcp --tcp-flags ALL NONE -j DROP


################################################################################
######################### End of the anti-attack rules #########################
################################################################################

## Establishes a trust relationship between machines on the local network eth1 (LAN)
#/sbin/iptables -A INPUT -i $iface_int -s 192.168.0.0/255.255.255.0 -j ACCEPT

# Allows incoming connections initiated by you
# Note: --state NEW in INPUT matches any new inbound connection on $iface_ext,
# not only replies to connections this host opened.
/sbin/iptables -A INPUT -i $iface_ext -m state --state NEW -j ACCEPT
/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

## Opening external INPUT to the firewall ##

## Ports ##

# SSH
#/sbin/iptables -A INPUT -i $iface_ext -p tcp -m multiport --dport 22,80 -j ACCEPT


################################################################################
################################# Inbound blocking #############################
################################################################################
/sbin/iptables -A INPUT -i lo -j ACCEPT
# Note: this rule accepts everything arriving on $iface_ext, so the REJECT
# rule two lines below is never reached.
/sbin/iptables -A INPUT -i $iface_ext -j ACCEPT
/sbin/iptables -A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT
#/sbin/iptables -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT
/sbin/iptables -A INPUT -i $iface_ext -j REJECT
## Allow ping ## 0=on 1=off
echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_all

################################################################################
############################ Internet sharing ##################################
################################################################################

#/sbin/iptables -t nat -A POSTROUTING -o $iface_ext -j MASQUERADE
#echo 1 > /proc/sys/net/ipv4/ip_forward

echo "Firewall Ativado"
################################################################################
######################################## End ###################################
################################################################################
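An added example, not from this thread, from Firestarter or from the script's author. The script above rate-limits SYNs in the FORWARD chain, which does not cover packets addressed to the desktop itself (those pass through INPUT), and before blocking anything it helps to know which sources are actually sending SYNs. This POSIX shell script ranks sources by SYN-only TCP packets in iptables LOG output, as a logging rule such as `iptables -A INPUT -i eth0 -p tcp --syn -j LOG --log-prefix "SYN_WATCH "` would produce, flags sources above a threshold, and prints (but does not apply) the matching INPUT DROP rules. The log lines are constructed samples with documentation-range addresses, the prefix `SYN_WATCH`, the interface name `eth0` and the threshold of 3 are assumptions made for the example, and SYN-ACKs (replies to connections the host opened) are deliberately excluded from the count:

```shell
#!/bin/sh
# Added example (not from the thread): rank sources by SYN-only packets in
# iptables LOG output. The lines below are CONSTRUCTED samples in the kernel
# "ipt LOG" line format, with documentation-range addresses and the prefix
# SYN_WATCH chosen for this example.
SAMPLE_LOG='Aug 24 09:30:01 desk kernel: SYN_WATCH IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=60 TTL=52 ID=0 DF PROTO=TCP SPT=40001 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0
Aug 24 09:30:01 desk kernel: SYN_WATCH IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=60 TTL=52 ID=0 DF PROTO=TCP SPT=40002 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0
Aug 24 09:30:01 desk kernel: SYN_WATCH IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=60 TTL=52 ID=0 DF PROTO=TCP SPT=40003 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0
Aug 24 09:30:02 desk kernel: SYN_WATCH IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=60 TTL=52 ID=0 DF PROTO=TCP SPT=40004 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0
Aug 24 09:30:02 desk kernel: SYN_WATCH IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=60 TTL=52 ID=0 DF PROTO=TCP SPT=40005 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0
Aug 24 09:30:02 desk kernel: SYN_WATCH IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TTL=57 ID=0 DF PROTO=TCP SPT=51000 DPT=22 WINDOW=65535 RES=0x00 SYN URGP=0
Aug 24 09:30:02 desk kernel: SYN_WATCH IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 LEN=60 TTL=57 ID=0 DF PROTO=TCP SPT=443 DPT=52000 WINDOW=65535 RES=0x00 ACK SYN URGP=0
Aug 24 09:30:03 desk kernel: SYN_WATCH IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=78 TTL=57 ID=0 DF PROTO=UDP SPT=53 DPT=34567 LEN=58'

# syn_counts LOG: print "COUNT SRC" per source, most active first, counting only
# TCP packets whose flags include SYN but not ACK (a SYN-ACK is the reply to a
# connection this host opened itself, so it is not part of an inbound flood).
syn_counts() {
  printf '%s\n' "$1" | awk '
    {
      syn = 0; ack = 0; src = ""; proto = ""
      for (i = 1; i <= NF; i++) {
        if ($i == "SYN") syn = 1
        else if ($i == "ACK") ack = 1
        else if ($i ~ /^SRC=/) src = substr($i, 5)
        else if ($i ~ /^PROTO=/) proto = substr($i, 7)
      }
      if (proto == "TCP" && syn && !ack && src != "") n[src]++
    }
    END { for (s in n) print n[s], s }
  ' | sort -rn
}

# flag_sources LOG THRESHOLD: sources with more SYN-only packets than THRESHOLD.
flag_sources() {
  syn_counts "$1" | awk -v t="$2" '$1 > t { print $2 }'
}

# drop_rules LOG THRESHOLD: print, without running, the INPUT rule that would drop
# further SYNs from each flagged source (interface eth0 assumed for the example).
# Review the list before applying it as root.
drop_rules() {
  flag_sources "$1" "$2" | while read -r ip; do
    printf '/sbin/iptables -A INPUT -i eth0 -p tcp --syn -s %s -j DROP\n' "$ip"
  done
}

echo "SYN-only packets per source:"
syn_counts "$SAMPLE_LOG"
echo "Sources above 3 SYNs (threshold chosen for this example):"
flag_sources "$SAMPLE_LOG" 3
echo "Candidate rules (not applied):"
drop_rules "$SAMPLE_LOG" 3
```

On a real host the log would come from `dmesg` or the kernel log file rather than the embedded sample, and a source-specific DROP only makes sense for a handful of stable addresses; against a real flood with spoofed sources the SYN cookies the best answer recommends (`echo 1 > /proc/sys/net/ipv4/tcp_syncookies`, made persistent via `net.ipv4.tcp_syncookies = 1` in `/etc/sysctl.conf`) are the mechanism that keeps the host's listening sockets usable.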


5. Re: syn flood [SOLVED]

Profile removed
removed

(uses None)

Sent on 24/08/2012 - 11:03

Right, just add the command line below, as said before (and you've already put it in your script, from what I can see):

echo 1 > /proc/sys/net/ipv4/tcp_syncookies


As for understanding it or not, just read the article I gave you calmly, since it is very well explained there.

If you can, mark the best answer, so people know what solved your problem.





