Tier-1 Security Measures


Protecting Against Attacks


Tier-1 operators may occasionally find themselves being used as a point of attack. The information below has been developed to mitigate these attacks.
Use only ONE of the methods below.

For multi-line rules, please remember that order is important! Check your rules after insertion to confirm they are in the correct order, or you will have undesirable results.

Iptables Rules - Method 1
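# drop outgoing DNS responses whose header flags are 0x8105 (REFUSED)
iptables -A OUTPUT -p udp --source-port 53 -m string --algo kmp --from 30 --to 31 --hex-string "|8105|" -j DROP
# drop incoming packets to port 53 that carry the DNS-encoded name isc.org
iptables -I INPUT -p udp -m string --hex-string "|00000000000103697363036f726700|" --algo bm --to 65535 --dport 53 -j DROP
# drop incoming packets to port 53 that carry the DNS-encoded name ripe.net
iptables -I INPUT -p udp -m string --hex-string "|0000000000010472697065036e6574|" --algo bm --to 65535 --dport 53 -j DROP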


Iptables Rules - Method 2
# block REFUSED responses (flags 0x8105), sent when allow-query { acl; }; is used
iptables -A OUTPUT -m u32 -p udp --sport 53 --u32 "28&0xFFFF=0x8105" -j DROP
# block non-recursive responses (flags 0x8100), sent when allow-query { any; }; is used
iptables -A OUTPUT -m u32 -p udp --sport 53 --u32 "28&0xFFFF=0x8100" -j DROP
# block truncated responses (flags 0x8300, TC bit set)
iptables -A OUTPUT -m u32 -p udp --sport 53 --u32 "28&0xFFFF=0x8300" -j DROP
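
The offsets and byte patterns in both methods can be checked offline before the rules are loaded. The Python below is an added example, not part of the original page: it decodes the Method 2 flag words, evaluates the u32 test against constructed IPv4/UDP/DNS packets (offset 28 assumes a 20-byte IP header with no options), and decodes the Method 1 hex strings. All function names and sample packets are constructed for illustration.

```python
import struct

def decode_flags(word):
    """Split the 16-bit DNS header flags word into its fields (RFC 1035)."""
    return {"qr": (word >> 15) & 1, "opcode": (word >> 11) & 0xF,
            "aa": (word >> 10) & 1, "tc": (word >> 9) & 1,
            "rd": (word >> 8) & 1, "ra": (word >> 7) & 1, "rcode": word & 0xF}

def u32_match(packet, offset, mask, value):
    """Evaluate u32 "offset&mask=value": 4 bytes, big-endian, counted from the IP header."""
    if len(packet) < offset + 4:
        return False
    (word,) = struct.unpack_from("!I", packet, offset)
    return (word & mask) == value

def build_response(flags, ihl_words=5):
    """Constructed IPv4/UDP/DNS response from port 53 (zeroed addresses and checksums)."""
    dns = struct.pack("!6H", 0x1234, flags, 1, 0, 0, 0)
    udp = struct.pack("!4H", 53, 40000, 8 + len(dns), 0)
    ip_len = ihl_words * 4
    ip = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl_words, 0,
                     ip_len + len(udp) + len(dns), 0, 0, 64, 17, 0,
                     bytes(4), bytes(4))
    return ip + bytes(ip_len - 20) + udp + dns  # zero bytes stand in for IP options

def decode_pattern(hexstr):
    """Read a Method 1 --hex-string as (ANCOUNT, NSCOUNT, ARCOUNT) plus QNAME labels."""
    raw = bytes.fromhex(hexstr)
    counts, labels, i = struct.unpack("!3H", raw[:6]), [], 6
    while i < len(raw) and raw[i] != 0:
        labels.append(raw[i + 1:i + 1 + raw[i]].decode("ascii"))
        i += 1 + raw[i]
    return counts, ".".join(labels)

if __name__ == "__main__":
    for flags in (0x8105, 0x8100, 0x8300):  # values from the Method 2 rules
        pkt = build_response(flags)
        print(hex(flags), decode_flags(flags), u32_match(pkt, 28, 0xFFFF, flags))
    # With IP options (IHL=6) the DNS flags move to offset 34, so offset 28 misses.
    print(u32_match(build_response(0x8105, ihl_words=6), 28, 0xFFFF, 0x8105))
    for pattern in ("00000000000103697363036f726700", "0000000000010472697065036e6574"):
        print(decode_pattern(pattern))
```
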