Ts3 IPTABLES Light DDoS Protection rules

Vanquisher

New Member
Joined
Feb 13, 2019
Messages
3
Reaction score
0
Points
3
Age
27
Hi guys
for a little time my ts3 suffer light ddos attakcs. I've done tcpdump and investigated it with whiteshark. i have to drop all conecctions length of 0-141
I tried this guide but \/ doesn't want to fit iptables rules.
iptables -A PREROUTING -t raw -p udp --dport 9987 -m length --length 0:141 -j DROP
Should i use sth like iptables -I INPUT-p udp --dport 9987 -m length --length 0:141 -j DROP or sth?
Also what comamnd i should use to block spec IP connecting to ts3 port?
It attaks my ts3 ports only cause all my websites ftp and other services working correctly, even ts3 is up but no one is able to connect cause of overload of packets.
Thx for advice
 

Martin S.

Active Member
VIP
Joined
Aug 28, 2017
Messages
209
Reaction score
263
Points
111
Location
Germany
Maybe you can try this for dropping specific IP to specific PORT: iptables -A INPUT -p udp -s {IP-ADDRESS-HERE} --dport 9987 -j DROP

But this would be helpful only if the attack is coming from single IP (DoS Attack)
 

Vanquisher

New Member
Joined
Feb 13, 2019
Messages
3
Reaction score
0
Points
3
Age
27
They are comming from like whole world xD Russia, Slovenia, Bulgaria, Thai etc :p
 

Vanquisher

New Member
Joined
Feb 13, 2019
Messages
3
Reaction score
0
Points
3
Age
27
There is no alternative to this command now "iptables -A PREROUTING -t raw -p udp --dport 9987 -m length --length 0:141 -j DROP " ? i mean this command dont want to setup in my iptables :S

or i should use this "iptables -I INPUT-p udp --dport 9987 -m length --length 0:141 -j DROP " insead
 

Top