Question Ts3 IPTABLES Light DDoS Protection rules

Vanquisher

New Member
Joined
Feb 13, 2019
Messages
3
Points
3
Age
27
Hi guys
for a little time my ts3 suffer light ddos attakcs. I've done tcpdump and investigated it with whiteshark. i have to drop all conecctions length of 0-141
I tried this guide but \/ doesn't want to fit iptables rules.
iptables -A PREROUTING -t raw -p udp --dport 9987 -m length --length 0:141 -j DROP
Should i use sth like iptables -I INPUT-p udp --dport 9987 -m length --length 0:141 -j DROP or sth?
Also what comamnd i should use to block spec IP connecting to ts3 port?
It attaks my ts3 ports only cause all my websites ftp and other services working correctly, even ts3 is up but no one is able to connect cause of overload of packets.
Thx for advice
 

martyns

ANTI SOCIAL
VIP
Joined
Aug 28, 2017
Messages
136
Points
71
Age
21
Location
United Kingdom
Maybe you can try this for dropping specific IP to specific PORT: iptables -A INPUT -p udp -s {IP-ADDRESS-HERE} --dport 9987 -j DROP

But this would be helpful only if the attack is coming from single IP (DoS Attack)
 

Vanquisher

New Member
Joined
Feb 13, 2019
Messages
3
Points
3
Age
27
They are comming from like whole world xD Russia, Slovenia, Bulgaria, Thai etc :p
 

Vanquisher

New Member
Joined
Feb 13, 2019
Messages
3
Points
3
Age
27
There is no alternative to this command now "iptables -A PREROUTING -t raw -p udp --dport 9987 -m length --length 0:141 -j DROP " ? i mean this command dont want to setup in my iptables :S

or i should use this "iptables -I INPUT-p udp --dport 9987 -m length --length 0:141 -j DROP " insead
 

Top