Tutorial Netfilter Module to prevent DNS Amplification attacks

NatureNMoon

Hi everyone;

I am aware that many people have serious issues with DNS Amplification attacks. That's why I have developed a netfilter module to prevent DNS Amplification attacks.

What is the purpose of this netfilter module?
* This module prevents all UDP source-port 53 traffic except traffic from the Google DNS servers, 8.8.8.8 and 8.8.4.4 (you can change these DNS servers easily by editing the netfilter module)

How can I use this?
* Add these 2 files, "Makefile" and "r4p3-dns-netfilter.c", to your root directory. (Both of these files must be in the same directory.)
* Give them permission by using the command line below:
Code:
chmod 777 Makefile && chmod 777 r4p3-dns-netfilter.c
* After giving permission, use the command line below to compile the netfilter module for your kernel version:
Code:
make
* After compiling the netfilter module, insert the netfilter module into your kernel by using the command line below:
Code:
insmod r4p3-dns-netfilter.ko
* If you DO NOT have enough permission to compile the module, you can use the command line below (especially Debian/Ubuntu):
Code:
sudo insmod r4p3-dns-netfilter.ko
* You can check if the module works or not by using the command line below:
Code:
lsmod |grep r4p3
* If you want to remove this module, you can use the command line below:
Code:
rmmod r4p3-dns-netfilter
* If you cannot remove this module, you may not have enough permission; please use the command line below (especially Ubuntu/Debian):
Code:
sudo rmmod r4p3-dns-netfilter


WARNING: The power of this module depends on the CPU, RAM, STORAGE, BANDWIDTH of your servers.

If you use tcpdump, you can test it easily. In the tcpdump output, you will clearly see no packets coming from UDP source port 53 except from the Google DNS servers (8.8.8.8 and 8.8.4.4).
This module is literally better than IPTABLES drop rules. You can create your own netfilter modules.
I hope that you will create your own netfilter modules and share them with us.

PLEASE READ THE DESCRIPTIONS IN THE NETFILTER MODULE CAREFULLY.
DO NOT HESITATE TO KEEP IN TOUCH WITH ME.
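
The filtering rule described in the post above (drop UDP packets with source port 53 unless they come from 8.8.8.8 or 8.8.4.4), written as a user-space C function so the decision can be checked without loading a kernel module. This is an added example, not the attached r4p3-dns-netfilter.c; the function names, the handling of malformed packets and fragments, and the sample packets are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum verdict { VERDICT_ACCEPT, VERDICT_DROP };

/* Allowed resolvers: the two addresses named in the post. */
static const uint8_t ALLOWED[][4] = { {8, 8, 8, 8}, {8, 8, 4, 4} };

/* pkt points at the IPv4 header of an inbound packet; len is its length. */
enum verdict dns_amp_verdict(const uint8_t *pkt, size_t len)
{
    if (len < 20 || (pkt[0] >> 4) != 4) return VERDICT_ACCEPT; /* not IPv4 */
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;  /* header length with options */
    if (ihl < 20 || len < ihl)
        return VERDICT_DROP;      /* malformed header (assumed policy: drop) */
    if (pkt[9] != 17) return VERDICT_ACCEPT;                   /* not UDP */
    /* Later fragments carry no UDP header, so a port rule cannot judge them. */
    if ((((pkt[6] & 0x1f) << 8) | pkt[7]) != 0) return VERDICT_ACCEPT;
    if (len < ihl + 8)
        return VERDICT_DROP;      /* truncated UDP header (assumed policy) */
    if (((pkt[ihl] << 8) | pkt[ihl + 1]) != 53) return VERDICT_ACCEPT;
    for (size_t i = 0; i < sizeof(ALLOWED) / sizeof(ALLOWED[0]); i++)
        if (memcmp(pkt + 12, ALLOWED[i], 4) == 0)
            return VERDICT_ACCEPT;             /* reply from allowed resolver */
    return VERDICT_DROP;                       /* any other source-port-53 UDP */
}

/* Constructed sample: minimal IPv4+UDP headers, no payload or checksums. */
enum verdict sample_verdict(const uint8_t src[4], uint8_t proto,
                            uint16_t sport, uint16_t frag_off)
{
    uint8_t p[28] = {0};
    p[0] = 0x45;                               /* version 4, IHL 5 */
    p[6] = (uint8_t)((frag_off >> 8) & 0x1f);  /* fragment offset, high bits */
    p[7] = (uint8_t)(frag_off & 0xff);         /* fragment offset, low byte */
    p[9] = proto;
    memcpy(p + 12, src, 4);                    /* source address */
    p[20] = (uint8_t)(sport >> 8);             /* UDP source port */
    p[21] = (uint8_t)(sport & 0xff);
    return dns_amp_verdict(p, sizeof p);
}

int main(void)
{
    const uint8_t google[4] = {8, 8, 8, 8}, other[4] = {192, 0, 2, 10};
    printf("8.8.8.8:53    -> %d\n", sample_verdict(google, 17, 53, 0));
    printf("192.0.2.10:53 -> %d\n", sample_verdict(other, 17, 53, 0));
    return 0;
}
```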
 


aLp59

I have been trying to code a netfilter module, but I couldn't even compile it well. I really dunno what to say, thank you so much. By the way, can you please code for SSDP and LDAP attacks?
 

NatureNMoon

Nowadays, I am working on a netfilter module which will block almost all Reflection/Amplification attacks. It will take some time...
 
