Tutorial Preventing UDP Spoofing Attacks (99.9% PROTECTION)

NatureNMoon

Moderator
Hello everyone;

Many people hate taking UDP spoofing attacks. It makes almost everyone angry. However, it is not a big deal :)

Today, I will help you prevent UDP spoofing attacks.

You can prevent UDP spoofing attacks by using IPTABLES and IPSET (if you do not have them, you can install them by using the commands below):

CentOS:
Code:
yum install iptables
yum install ipset

Ubuntu/Debian:
Code:
apt-get install iptables
apt-get install ipset

Here is the script "r4p3.sh":

Bash:
#!/bin/bash
# R4P3 UDP SPOOFING ATTACKS PREVENTION by Nature N Moon - R4P3.NET
# If you need help, do not hesitate to keep in touch with me

# Set of source IPs already seen; each entry expires after 120 seconds
ipset create r4p3_udp_spoofing hash:ip hashsize 16777216 maxelem 40000000 timeout 120
# Custom chain in the raw table
iptables -N R4P3 -t raw
# UDP packets whose source is not in the set go to R4P3
iptables -A PREROUTING -p udp -m set ! --match-set r4p3_udp_spoofing src -t raw -j R4P3
# R4P3 adds the source to the set, then drops that packet
iptables -A R4P3 -t raw -j SET --add-set r4p3_udp_spoofing src
iptables -A R4P3 -t raw -j DROP

Please give full permission with "chmod +x r4p3.sh" and start the script by using "./r4p3.sh". After that, you can save and restart your iptables service.

Let me explain how these 5 lines of code can prevent UDP spoofing attacks:

First of all, "UDP SPOOFING ATTACKS" are always changeable. That's why, if someone attacks you by using spoofing attacks, they will not use the same IP address again and again. That's why these iptables rules may help you to prevent UDP spoofing attacks.

The UDP protocol does not work like the TCP protocol. That's why, if you want to prevent TCP attacks, SYNPROXY may help you. (I suggest you use it.)

WARNING: THE POWER OF THIS SCRIPT DEPENDS ON YOUR RAM, CPU, NIC, INTERNET SPEED, BUT THE RAW CHAIN OF THE IPTABLES HAS THE HIGHEST PACKET RATE WHICH IS 1.000.000 PACKETS PER SECOND.



 
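Added example (not part of the original post or of the R4P3 script): a small Python model of the rule logic in r4p3.sh, where a UDP source that is not in the set is added with a 120-second timeout and its packet is dropped. The names `FirstSeenFilter`, `run`, `spoofed_flood` and `steady_client` are hypothetical, and all packet streams and addresses are constructed sample data.

```python
# Added illustration: models the rule logic of r4p3.sh, it does not touch iptables.
TIMEOUT = 120  # seconds, from "timeout 120" in the ipset create line


class FirstSeenFilter:
    """Unknown source: add to set and DROP. Source in set: pass."""

    def __init__(self, timeout=TIMEOUT):
        self.timeout = timeout
        self.expiry = {}  # source IP -> time its set entry expires

    def accept(self, src, now):
        exp = self.expiry.get(src)
        if exp is not None and now < exp:
            return True  # source is in the set, PREROUTING rule does not match
        self.expiry[src] = now + self.timeout  # SET --add-set
        return False  # DROP in chain R4P3


def run(packets):
    """packets: list of (time_in_seconds, source_ip). Returns (passed, dropped)."""
    flt = FirstSeenFilter()
    passed = dropped = 0
    for now, src in sorted(packets):
        if flt.accept(src, now):
            passed += 1
        else:
            dropped += 1
    return passed, dropped


def spoofed_flood(n=10000, seconds=10):
    # Constructed sample: n packets, every one with a different source address.
    return [(i * seconds / n, f"10.{i >> 16 & 255}.{i >> 8 & 255}.{i & 255}")
            for i in range(n)]


def steady_client(seconds=300, src="192.0.2.10"):
    # Constructed sample: one datagram per second from a single real client.
    return [(t, src) for t in range(seconds)]


if __name__ == "__main__":
    print("flood only      ", run(spoofed_flood()))                    # (0, 10000)
    print("steady client   ", run(steady_client()))                    # (297, 3)
    print("one-shot sender ", run([(0, "198.51.100.7")]))              # (0, 1)
    print("flood + client  ", run(spoofed_flood() + steady_client()))  # (297, 10003)
```

The steady client loses one datagram at t=0, t=120 and t=240 because a set match does not refresh the entry's timeout, and a sender that transmits a single datagram without retrying never gets through.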

aLp59

Member
This prevention works well. I had a problem but I fixed it by myself. If you have a problem with your UDP port or ports, use this, guys. This code worked well for me. For now, no problem. Can you share some preventions for the TCP protocol except Synproxy?
 

NatureNMoon

Moderator
> This prevention works well. I had a problem but I fixed it by myself. If you have a problem with your UDP port or ports, use this, guys. This code worked well for me. For now, no problem. Can you share some preventions for the TCP protocol except Synproxy?

SYNPROXY is one of the best preventions for the TCP protocol. As you know, it is not the only one which prevents DDoS attacks on TCP.

Here is the connlimit rule which may help you. You can add more port numbers by using "," like 50,60,70,80...

Bash:
# Chain assumed here (filter table, INPUT); use the chain that fits your ruleset
iptables -A INPUT -p tcp -m multiport --dports 21,22,25,80,443,1433,3306,3389 -m connlimit --connlimit-above 20 --connlimit-mask 32 --connlimit-saddr -j DROP

Please use only the parameters below for SYNPROXY:

Bash:
--sack-perm --timestamp

You can also use notrack for TCP; the notrack command makes TCP traffic untraceable. That's why, if someone attacks you by using TCP spoofing attacks, notrack will keep you safe :)
(YOU MUST USE YOUR EXTERNAL INTERFACE, PLEASE CHANGE IT IN THE IPTABLES RULE BELOW.)

Bash:
# The CT target is only valid in the raw table
iptables -t raw -A PREROUTING -i YourExternalInterface -p tcp --tcp-flags FIN,SYN,RST,ACK SYN -j CT --notrack

The rules and information above will help you a lot, I guess. I am also planning to do something like SYNPROXY. However, it is not very soon :)
 