-
-
Save acoul/2d40d1bd73012a8deee0e4c6ca12f82e to your computer and use it in GitHub Desktop.
Blocking all ANY queries in DNS server to prevent DDOS DNS amplification attack
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| iptables --flush | |
| iptables -A INPUT -p udp --dport 53 -m string --from 50 --algo bm --hex-string '|0000FF0001|' -m recent --set --name dnsanyquery | |
| iptables -A INPUT -p udp --dport 53 -m string --from 50 --algo bm --hex-string '|0000FF0001|' -m recent --name dnsanyquery --rcheck --seconds 60 --hitcount 1 -j DROP | |
| iptables -A INPUT -p udp --dport 53 -m u32 --u32 $(python generate-netfilter-u32-dns-rule.py --qname . --qtype ANY) -j DROP | |
| #iptables -A INPUT -p udp --dport 53 -m u32 --u32 $(python generate-netfilter-u32-dns-rule.py --qname isc.org --qtype ANY) -j DROP | |
| #iptables -A INPUT -p udp --dport 53 -m u32 --u32 $(python generate-netfilter-u32-dns-rule.py --qname isc.org. --qtype ANY) -j DROP | |
| iptables -A INPUT -p udp --dport 53 -m string --from 50 --algo bm --hex-string '|0000FF0001|' -j DROP | |
| #para bloquear ataque isc.org | |
| iptables -A INPUT -p udp -m string --hex-string "|03697363036f726700|" --algo bm --to 65535 -j DROP | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment