Ts3 IPTABLES Light DDoS Protection rules

Vanquisher

New Member
Feb 13, 2019
3
0
3
Hi guys
for a little time my ts3 suffer light ddos attakcs. I've done tcpdump and investigated it with whiteshark. i have to drop all conecctions length of 0-141
I tried this guide but \/ doesn't want to fit iptables rules.
iptables -A PREROUTING -t raw -p udp --dport 9987 -m length --length 0:141 -j DROP
Should i use sth like iptables -I INPUT-p udp --dport 9987 -m length --length 0:141 -j DROP or sth?
Also what comamnd i should use to block spec IP connecting to ts3 port?
It attaks my ts3 ports only cause all my websites ftp and other services working correctly, even ts3 is up but no one is able to connect cause of overload of packets.
Thx for advice
 
U

User_38581

Maybe you can try this for dropping specific IP to specific PORT: iptables -A INPUT -p udp -s {IP-ADDRESS-HERE} --dport 9987 -j DROP

But this would be helpful only if the attack is coming from single IP (DoS Attack)
 

Vanquisher

New Member
Feb 13, 2019
3
0
3
There is no alternative to this command now "iptables -A PREROUTING -t raw -p udp --dport 9987 -m length --length 0:141 -j DROP " ? i mean this command dont want to setup in my iptables :S

or i should use this "iptables -I INPUT-p udp --dport 9987 -m length --length 0:141 -j DROP " insead
 
Top