Wiki source for Tier1Security


====Tier-1 Security Measures====

===Protecting Against Attacks===

Tier-1 operators may occasionally find their DNS servers being used as a point of attack (answering spoofed UDP queries on port 53 so that the responses land on a third party). The iptables rules below have been developed to mitigate these attacks.
Use only **ONE** of the two methods below.

//For multi-line rules, please remember that order is important: -A appends a rule to the end of the chain, while -I inserts it at the top. Check your rules after insertion to confirm they are in the intended order, or you will have undesirable results.//

==Iptables Rules - Method 1==
%%
# drop REFUSED responses: DNS flags 0x8105 sit at bytes 30-31 of the IPv4 packet (20-byte IP header + 8-byte UDP header + 2-byte DNS ID)
iptables -A OUTPUT -p udp --source-port 53 -m string --algo kmp --from 30 --to 31 --hex-string "|8105|" -j DROP
# drop incoming queries for isc.org / ripe.net that carry one additional record (ANCOUNT=0, NSCOUNT=0, ARCOUNT=1, i.e. an EDNS0 OPT record) followed by the query name
iptables -I INPUT -p udp -m string --hex-string "|00000000000103697363036f726700|" --algo bm --to 65535 --dport 53 -j DROP
iptables -I INPUT -p udp -m string --hex-string "|0000000000010472697065036e6574|" --algo bm --to 65535 --dport 53 -j DROP
%%

==Iptables Rules - Method 2==
%%
# block response when allow-query { acl; }; is used
iptables -A OUTPUT -m u32 -p udp --sport 53 --u32 "28&0xFFFF=0x8105" -j DROP
# block non recursive response when allow-query { any; }; is used
iptables -A OUTPUT -m u32 -p udp --sport 53 --u32 "28&0xFFFF=0x8100" -j DROP
# block truncated message requests
iptables -A OUTPUT -m u32 -p udp --sport 53 --u32 "28&0xFFFF=0x8300" -j DROP
%%
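To see what the constants in both methods actually test, here is an added Python script that is not part of this wiki page: it emulates the u32 expression "28&0xFFFF" on a constructed IPv4/UDP/DNS packet, decodes flag words such as 0x8105, 0x8100 and 0x8300 into the QR/TC/RD/RCODE bits, and decodes the Method 1 hex-string patterns into the count fields and query name they match. The packet addresses and DNS ID are made up; the script also checks the IP header length, because every offset in both methods assumes a 20-byte IPv4 header without options.

```python
import struct

# Both methods assume IPv4 header (20 bytes, no options) + UDP header (8 bytes)
# = 28, so the DNS header starts at byte 28 and the flags word is bytes 30-31.
DNS_HEADER_OFFSET = 28

# Method 2 OUTPUT rules: flags word -> what the rule drops
METHOD2_FLAGS = {0x8105: "REFUSED response", 0x8100: "non-recursive response",
                 0x8300: "truncated response"}

def dns_flags_from_ipv4(packet):
    """Emulate u32 "28&0xFFFF": load 4 bytes at offset 28, keep the low 16 bits."""
    ihl = (packet[0] & 0x0F) * 4
    if ihl != 20:  # IP options would shift the DNS header and the rules would miss
        raise ValueError("rules assume a 20-byte IPv4 header, got %d" % ihl)
    (word,) = struct.unpack_from("!I", packet, DNS_HEADER_OFFSET)
    return word & 0xFFFF

def decode_flags(flags):
    """Split a DNS flags word into the header bits the rule constants encode."""
    return {"QR": (flags >> 15) & 1, "opcode": (flags >> 11) & 0xF,
            "AA": (flags >> 10) & 1, "TC": (flags >> 9) & 1,
            "RD": (flags >> 8) & 1, "RA": (flags >> 7) & 1, "RCODE": flags & 0xF}

def decode_query_pattern(hex_pattern):
    """Decode a Method 1 INPUT hex-string: ANCOUNT, NSCOUNT, ARCOUNT, then QNAME labels."""
    raw = bytes.fromhex(hex_pattern)
    ancount, nscount, arcount = struct.unpack_from("!HHH", raw, 0)
    labels, pos = [], 6
    while pos < len(raw) and raw[pos] != 0:
        n = raw[pos]
        labels.append(raw[pos + 1:pos + 1 + n].decode("ascii"))
        pos += 1 + n
    return {"ANCOUNT": ancount, "NSCOUNT": nscount, "ARCOUNT": arcount,
            "QNAME": ".".join(labels)}

def build_ipv4_udp_dns(flags, dns_id=0x1234):
    """Constructed sample packet (not a capture): IPv4 + UDP sport 53 + bare DNS header."""
    dns = struct.pack("!HHHHHH", dns_id, flags, 1, 0, 0, 0)
    udp = struct.pack("!HHHH", 53, 40000, 8 + len(dns), 0)  # checksum 0 = none
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp) + len(dns), 0, 0,
                     64, 17, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return ip + udp + dns

def method2_verdict(packet):
    """Name the Method 2 OUTPUT rule that would DROP this packet, or None."""
    return METHOD2_FLAGS.get(dns_flags_from_ipv4(packet))
```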