
discuss - Re: [opennic-discuss] Threat

discuss AT lists.opennicproject.org

Subject: Discuss mailing list

  • From: Jeff Taylor <shdwdrgn AT sourpuss.net>
  • To: discuss AT lists.opennicproject.org
  • Subject: Re: [opennic-discuss] Threat
  • Date: Wed, 15 Feb 2012 20:52:16 -0700

Regarding this (and due to the frequent DDoS-type attacks we see on our T2 servers), I have a bash script that has been posted to help protect against these types of reflection attacks. It has worked for the type of traffic we currently see; however, without knowing the code that is to be used, there is no guarantee it will help fend off what Anonymous has in mind.

The current code is posted at http://wiki.opennic.glue/ddosDotSh
There are comments with each of the configuration variables; however, you will probably only need to worry about SRCDEV, DSTDEV, and CHAIN. You will need iptables and tcpdump to run this script, and a user account that has permissions to freely use both commands.

If you run this script on your T2 server, SRCDEV and DSTDEV are not needed. CHAIN should be set to "INPUT".

If you run this script on a dedicated firewall in front of your T2 server, SRCDEV will be your internet connection, DSTDEV is the interface your T2 server is connected to, and CHAIN will be set to "FORWARD".

You can view the list of currently blocked IP addresses by reading the file defined by BLOCKFILE. Commented entries are not currently blocked; however, if they hit you again within the allocated time, they will be blocked again for double the previous time.

If you have any problems, you can give me a shout on the IRC channel.
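
The blocking behaviour described in this message, sketched as an added example (it is not the script posted on the wiki and not the message author's code): it prints the iptables rule for the INPUT and FORWARD deployments and computes the doubled block time for a repeat offender. The BLOCKFILE line format, the BASE_SECS and WINDOW_SECS values, the interface names and the sample addresses are assumptions made for the illustration.

```shell
#!/usr/bin/env bash
# Added illustration, not the ddosDotSh script itself.
# Assumed BLOCKFILE line format (hypothetical): "<ip> <expiry_epoch> <block_secs>";
# a leading "#" marks an entry whose block has expired.
BASE_SECS=600      # assumed length of a first block
WINDOW_SECS=3600   # assumed "allocated time" after expiry in which a repeat doubles

# Print (do not run) the iptables rule for the deployment selected by CHAIN.
block_rule() {
    if [ "$CHAIN" = "FORWARD" ]; then
        # Dedicated firewall: packets arrive on SRCDEV and leave toward the T2 on DSTDEV.
        echo "iptables -I FORWARD -i $SRCDEV -o $DSTDEV -s $1 -j DROP"
    else
        # Running on the T2 server itself: SRCDEV and DSTDEV are not needed.
        echo "iptables -I INPUT -s $1 -j DROP"
    fi
}

# Print the block length in seconds for IP $2 seen again at epoch $3,
# using the block file $1. Only expired (commented) entries count as history.
next_block_secs() {
    awk -v ip="$2" -v now="$3" -v base="$BASE_SECS" -v win="$WINDOW_SECS" '
        { expired = sub(/^#[ \t]*/, "") }   # strip the comment marker and remember it
        expired && $1 == ip { expiry = $2; prev = $3; seen = 1 }
        END { if (seen && now - expiry <= win) print prev * 2; else print base }
    ' "$1"
}

# Constructed sample data using documentation address ranges.
write_sample() {
    cat > "$1" <<'EOF'
198.51.100.7 1329365000 600
#192.0.2.10 1329360000 1200
#192.0.2.99 1329300000 600
EOF
}

BLOCKFILE=$(mktemp)
write_sample "$BLOCKFILE"
NOW=1329363000     # constructed "current time" for the demo
for ip in 192.0.2.10 192.0.2.99 203.0.113.5; do
    echo "$ip: block for $(next_block_secs "$BLOCKFILE" "$ip" "$NOW")s"
    CHAIN=FORWARD SRCDEV=eth0 DSTDEV=eth1 block_rule "$ip"
done
rm -f "$BLOCKFILE"
```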


