
Re: [opennic-discuss] servers offline

  • From: Hospedaje Web y Servidores Dedicados <ventas AT dedicados.com.mx>
  • To: discuss AT lists.opennicproject.org
  • Subject: Re: [opennic-discuss] servers offline
  • Date: Tue, 25 Feb 2014 08:05:50 -0600

Thanks Jeff, well, on singapore it seems to be working; let me test the others:

root@singapore:~# iptables -F
root@singapore:~# iptables -X BADDNS
iptables: No chain/target/match by that name.
root@singapore:~# iptables -N BADDNS
root@singapore:~# iptables --insert INPUT -p udp --dport 53 -m string --from 40 --to 58 --algo bm --hex-string '|07676572646172330272|' -j DROP -m comment --comment "DROP DNS Q gerdar3.ru"
root@singapore:~# wget "https://raw.github.com/smurfmonitor/dns-iptables-rules/master/domain-blacklist.txt" -O /root/domain-blacklist.txt.tmp
--2014-02-25 14:04:01-- https://raw.github.com/smurfmonitor/dns-iptables-rules/master/domain-blacklist.txt
Resolving raw.github.com (raw.github.com)... 103.245.222.133
Connecting to raw.github.com (raw.github.com)|103.245.222.133|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 22232 (22K) [text/plain]
Saving to: `/root/domain-blacklist.txt.tmp'

100%[==============================================================================================================================>] 22,232 --.-K/s in 0.001s

2014-02-25 14:04:02 (35.1 MB/s) - `/root/domain-blacklist.txt.tmp' saved [22232/22232]

root@singapore:~# grep iptables /root/domain-blacklist.txt.tmp >/root/domain-blacklist.txt
root@singapore:~# sh /root/domain-blacklist.txt
root@singapore:~# iptables -A INPUT -p udp --dport 53 -m string --hex-string "|00 00 ff 00 01|" --to 255 --algo bm -m comment --comment "IN ANY?" -j BADDNS
root@singapore:~# iptables -A BADDNS -m recent --set --name DNSQF --rsource
root@singapore:~# iptables -A BADDNS -m recent -p udp --dport 53 --update --seconds 20 --hitcount 20 --name DNSQF --rsource -j DROP
root@singapore:~# iptables -vnx --list BADDNS
Chain BADDNS (1 references)
    pkts      bytes target     prot opt in     out     source               destination
       0          0            all  --  *      *       0.0.0.0/0            0.0.0.0/0            recent: SET name: DNSQF side: source
       0          0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            recent: UPDATE seconds: 20 hit_count: 20 name: DNSQF side: source udp dpt:53
root@singapore:~#


Ing. Alejandro M.
Hospedaje Web y Servidores Dedicados
http://www.dedicados.com.mx
------
correo / msn: ventas AT dedicados.com.mx
skype: dedicados
------
On 24/02/2014 11:27 p.m., Jeff Taylor wrote:
Did you stop there or did you finish running ALL of the commands? The error you pasted says the chain "BADDNS" doesn't exist... which is true if you've never added those rules before. If you don't run all of the lines, you can't say it doesn't work.

The same is true of the rules that are given on the wiki page. There are specific instructions for some of the blocks. You must add all of the lines, in the exact order given, or they won't do anything for you.


On 02/24/2014 10:09 PM, Hospedaje Web y Servidores Dedicados wrote:
I tried and always get the same error, on different servers.

root@singapore:~# iptables -F
root@singapore:~# iptables -X BADDNS
iptables: No chain/target/match by that name.
root@singapore:~#

Also on france, nl and chicago.

I don't know...

Ing. Alejandro M.
Hospedaje Web y Servidores Dedicados
http://www.dedicados.com.mx
------
correo / msn: ventas AT dedicados.com.mx
skype: dedicados
------

On 24/02/2014 12:54 p.m., oVPN.to Support wrote:
Try these iptables rules: http://paste.debian.net/plainh/d947528b

And give more information about the attacks. Only ANY requests?
Then put these iptables rules on it and you are fine; if not, give more
information: which domains are used, which type of requests/attacks...

regards
ovpn.to



Quinn Wood:
On Mon, Feb 24, 2014 at 12:30 PM, Jeff Taylor <shdwdrgn AT sourpuss.net> wrote:
[snip] However, unless you have an arrangement
with your hosting provider, in most cases there is nothing you can do about
the incoming traffic.

We need an upstream null route control panel :)





--------
You are a member of the OpenNIC Discuss list.
You may unsubscribe by emailing discuss-unsubscribe AT lists.opennicproject.org
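As an added example (not code from the thread, nor from the smurfmonitor rules it fetches): a Python script that builds the --hex-string operand used by the first rule in the transcript, derives the --from/--to window from the 20 + 8 + 12 byte IPv4/UDP/DNS header stack, and checks on a constructed query packet why the |00 00 ff 00 01| pattern picks out IN ANY queries. The offsets assume IPv4 without options; the packet builder fills in placeholder lengths and checksums, and the substring matcher only approximates what xt_string does in the kernel.

```python
"""Added example, not part of the original thread: DNS wire-format helpers
for the iptables string-match rules discussed above."""
import struct

# Assumed header sizes: IPv4 without options + UDP + fixed DNS header.
IP_HDR = 20
UDP_HDR = 8
DNS_HDR = 12
QNAME_OFFSET = IP_HDR + UDP_HDR + DNS_HDR   # 40, which is what --from 40 points at

# End of QNAME (00) followed by QTYPE 255 (ANY) and QCLASS 1 (IN).
ANY_PATTERN = bytes.fromhex("0000ff0001")


def qname_wire(domain: str) -> bytes:
    """Encode a domain name in DNS wire format: length-prefixed labels
    terminated by a zero-length label."""
    out = b""
    for label in domain.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError(f"bad label: {label!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def hex_string(data: bytes) -> str:
    """Render bytes in the |..| form accepted by xt_string --hex-string."""
    return "|" + data.hex() + "|"


def drop_rule(domain: str) -> str:
    """Build a rule in the shape used in the thread that drops UDP/53
    queries whose QNAME is exactly `domain`. The --from/--to window is
    our own choice: it covers only the QNAME region, so the same bytes
    appearing elsewhere in the packet cannot match."""
    wire = qname_wire(domain)
    start = QNAME_OFFSET
    end = start + len(wire)
    return (f"iptables -I INPUT -p udp --dport 53 -m string --from {start} "
            f"--to {end} --algo bm --hex-string '{hex_string(wire)}' "
            f"-m comment --comment 'DROP DNS Q {domain}' -j DROP")


def build_query(domain: str, qtype: int, qclass: int = 1, txid: int = 0x1234) -> bytes:
    """Constructed IPv4 + UDP + DNS query packet. Only the layout matters
    here: IP/UDP lengths and checksums are left as placeholders."""
    ip = b"\x45\x00" + b"\x00" * 18                    # version/IHL, rest zeroed
    udp = struct.pack("!HHHH", 53000, 53, 0, 0)        # sport, dport, len, csum
    dns_hdr = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, QDCOUNT 1
    question = qname_wire(domain) + struct.pack("!HH", qtype, qclass)
    return ip + udp + dns_hdr + question


def matches_hex(packet: bytes, pattern: bytes, frm: int = 0, to: int = 65535) -> bool:
    """Approximation of xt_string: substring search inside [frm, to]."""
    return pattern in packet[frm:to + 1]


def is_any_query(packet: bytes) -> bool:
    """What the 'IN ANY?' rule in the thread effectively tests."""
    return matches_hex(packet, ANY_PATTERN, 0, 255)


def parse_question(packet: bytes):
    """Proper parse of the first question, to compare against the heuristic."""
    p = QNAME_OFFSET
    labels = []
    while True:
        n = packet[p]
        p += 1
        if n == 0:
            break
        labels.append(packet[p:p + n].decode("ascii"))
        p += n
    qtype, qclass = struct.unpack("!HH", packet[p:p + 4])
    return ".".join(labels), qtype, qclass


if __name__ == "__main__":
    print(drop_rule("gerdar3.ru"))
    pkt = build_query("gerdar3.ru", 255)
    print("ANY by substring:", is_any_query(pkt), "parsed:", parse_question(pkt))
```

Running it prints a rule whose hex string begins with the same 07676572646172330272 bytes as the transcript (the thread's rule stops before the final "u" and terminator, so it matches as a prefix), with --from 40 --to 52 instead of --to 58. The substring check is what xt_string can do; parse_question shows what it stands in for, which is why the thread combines it with the recent-module rate limit rather than dropping on the pattern alone.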
