DDoS Protection
Burevuh, 2015-07-12 16:04:44

DDOS UDP flood and guessing password/nicknames?

Hello. I have a Debian 7 machine. Since yesterday, someone has been guessing passwords and usernames. They are also flooding it with UDP. How can I protect myself from all this?

3 answer(s)
sim3x, 2015-07-12
@sim3x

https://en.wikipedia.org/wiki/Port_knocking
UDP: as long as there is enough channel capacity and the provider does not care, the only thing you can do is collect the IPs of the DNS, NTP and other services yourself and send them abuse reports.
But you still need to write to the provider.
Also, do not forget to check whether you have unlimited traffic.
as an option

Andrey Nikiforov, 2015-07-12
@eoffsock

Against password/user guessing: fail2ban.
Against a pure UDP flood there are few local solutions; you need to look for ways to filter externally. Try to find the attacking subnet and ban it entirely.
See also: ftp://ftp.ripe.net/ripe/docs/ripe-432.pdf

CyberGrom, 2015-09-03
@CyberGrom

As previously written, you can use local solutions to prevent password guessing, including fail2ban.
Against a UDP flood, you need to use filtering at the data center level.
If the parameters are known, then you can limit yourself to several rules, for example:

# deny all UDP packets from source port 1900
<...> term deny_udp_port from protocol udp
<...> term deny_udp_port from source-port 1900
<...> term deny_udp_port then discard

# or block all UDP traffic except DNS
<...> term allow_udp from source-address 8.8.8.8/32
<...> term allow_udp from protocol udp
<...> term allow_udp from source-port 53
<...> term allow_udp then accept
<...> term discard_udp from protocol udp
<...> term discard_udp then discard

Details: https://mnogobyte.ru/firewall_rules.html
If there are many parameters, or they change, then it will be more profitable to enable DDoS protection.
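
Added example (not part of any answer above): one way to find the "parameters" CyberGrom mentions and the attacking subnet Andrey Nikiforov suggests looking for, by tallying a `tcpdump -n udp` capture per source /24 and per source port. The capture lines and addresses are constructed, and the function names and the 50% threshold are assumptions.

```python
import re
from collections import Counter
from ipaddress import ip_network

# Constructed sample in `tcpdump -n udp` text format (documentation addresses).
SAMPLE = """\
16:04:01.000101 IP 198.51.100.7.1900 > 203.0.113.10.80: UDP, length 320
16:04:01.000214 IP 198.51.100.8.1900 > 203.0.113.10.80: UDP, length 318
16:04:01.000330 IP 198.51.100.9.1900 > 203.0.113.10.80: UDP, length 320
16:04:01.000402 IP 198.51.100.7.1900 > 203.0.113.10.80: UDP, length 320
16:04:01.000517 IP 198.51.100.200.1900 > 203.0.113.10.80: UDP, length 305
16:04:01.000633 IP 198.51.100.14.1900 > 203.0.113.10.80: UDP, length 320
16:04:01.000748 IP 192.0.2.5.1900 > 203.0.113.10.80: UDP, length 311
16:04:01.000859 IP 192.0.2.77.1900 > 203.0.113.10.80: UDP, length 320
16:04:01.000961 IP 8.8.8.8.53 > 203.0.113.10.41234: UDP, length 64
16:04:01.001077 IP 192.0.2.50.123 > 203.0.113.10.123: UDP, length 48
"""

# Source address and source port of each IPv4 packet line.
LINE = re.compile(r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > ")


def summarize(text, prefix=24):
    """Count packets per source subnet (as a CIDR string) and per source port."""
    nets, ports, total = Counter(), Counter(), 0
    for m in LINE.finditer(text):
        src, sport = m.group(1), int(m.group(2))
        # strict=False masks the host bits, so 198.51.100.7 -> 198.51.100.0/24
        nets[str(ip_network(f"{src}/{prefix}", strict=False))] += 1
        ports[sport] += 1
        total += 1
    return nets, ports, total


def dominant(counter, total, share=0.5):
    """Keys that account for at least `share` of all packets, largest first."""
    return [k for k, n in counter.most_common() if total and n / total >= share]


if __name__ == "__main__":
    nets, ports, total = summarize(SAMPLE)
    print("packets:", total)
    print("dominant source subnets:", dominant(nets, total))
    print("dominant source ports:", dominant(ports, total))
```

UDP source addresses can be spoofed or belong to reflectors, so a dominant source port is often the steadier filter parameter than a dominant subnet.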
