TCPDUMP
16:11:03.693981 IP 80.92.170.193.29070 > 176.28.14.191.28111: UDP, length 15
16:11:03.693960 IP 141.101.172.150.29070 > 176.28.14.191.28111: UDP, length 16
16:11:03.693913 IP 213.109.148.221.29070 > 176.28.14.191.28111: UDP, length 16
16:11:03.693967 IP 213.155.215.125.29070 > 176.28.14.191.28111: UDP, length 15
16:11:03.693932 IP 193.106.74.94.29070 > 176.28.14.191.28111: UDP, length 15
16:11:03.693991 IP 217.9.156.194.29070 > 176.28.14.191.28111: UDP, length 15
16:11:03.694045 IP 128.0.90.61.29070 > 176.28.14.191.28111: UDP, length 16
16:11:03.693975 IP 213.208.182.128.29070 > 176.28.14.191.28111: UDP, length 15
16:11:03.693970 IP 213.222.245.217.29070 > 176.28.14.191.28111: UDP, length 15
16:11:03.694061 IP 109.71.79.19.29070 > 176.28.14.191.28111: UDP, length 16
16:11:03.694064 IP 79.134.215.194.29070 > 176.28.14.191.28111: UDP, length 16
16:11:03.694071 IP 130.0.219.206.29070 > 176.28.14.191.28111: UDP, length 16
16:11:03.694074 IP 91.242.213.7.29070 > 176.28.14.191.28111: UDP, length 16
16:11:03.694086 IP 213.109.54.182.29070 > 176.28.14.191.28111: UDP, length 16
16:11:03.694105 IP 212.32.218.119.29070 > 176.28.14.191.28111: UDP, length 16
16:11:03.694096 IP 79.134.216.144.29070 > 176.28.14.191.28111: UDP, length 16
16:11:03.694102 IP 193.107.237.192.29070 > 176.28.14.191.28111: UDP, length 15
16:11:03.694109 IP 213.248.20.245.29070 > 176.28.14.191.28111: UDP, length 15
16:11:03.694109 IP 109.94.15.129.29070 > 176.28.14.191.28111: UDP, length 16
16:11:03.694096 IP 95.172.56.68.29070 > 176.28.14.191.28111: UDP, length 16
16:11:03.694101 IP 79.134.216.96.29070 > 176.28.14.191.28111: UDP, length 16
16:11:03.694136 IP 195.42.156.170.29070 > 176.28.14.191.28111: UDP, length 15
16:11:03.694140 IP 109.238.196.129.29070 > 176.28.14.191.28111: UDP, length 16
16:11:03.694124 IP 109.95.222.246.29070 > 176.28.14.191.28111: UDP, length 16
16:11:03.694160 IP 109.237.11.96.29070 > 176.28.14.191.28111: UDP, length 16
16:11:03.694161 IP 213.165.212.222.29070 > 176.28.14.191.28111: UDP, length 15
16:11:03.694210 IP 213.108.222.168.29070 > 176.28.14.191.28111: UDP, length 16
16:11:03.694433 IP 79.134.215.162.29070 > 176.28.14.191.28111: UDP, length 16
16:11:03.694449 IP 185.46.199.64.29070 > 176.28.14.191.28111: UDP, length 15
16:11:03.694464 IP 109.68.23.188.29070 > 176.28.14.191.28111: UDP, length 15
16:11:03.694450 IP 79.134.216.137.29070 > 176.28.14.191.28111: UDP, length 16
16:11:03.694458 IP 185.46.85.216.29070 > 176.28.14.191.28111: UDP, length 15
16:11:03.694446 IP 79.134.215.25.29070 > 176.28.14.191.28111: UDP, length 15
16:11:03.694491 IP 79.134.215.234.29070 > 176.28.14.191.28111: UDP, length 16
16:11:03.694495 IP 80.248.152.252.29070 > 176.28.14.191.28111: UDP, length 16
16:11:03.694468 IP 185.44.238.66.29070 > 176.28.14.191.28111: UDP, length 15
16:11:03.694485 IP 91.232.14.216.29070 > 176.28.14.191.28111: UDP, length 16
16:11:03.694484 IP 80.254.113.126.29070 > 176.28.14.191.28111: UDP, length 16
16:11:03.694525 IP 213.251.223.2.29070 > 176.28.14.191.28111: UDP, length 15
16:11:03.694532 IP 80.255.147.163.29070 > 176.28.14.191.28111: UDP, length 15
16:11:03.694552 IP 109.95.160.175.29070 > 176.28.14.191.28111: UDP, length 15
16:11:03.694562 IP 91.232.235.26.29070 > 176.28.14.191.28111: UDP, length 16
16:11:03.694566 IP 80.252.133.138.29070 > 176.28.14.191.28111: UDP, length 16
16:11:03.694572 IP 134.90.180.205.29070 > 176.28.14.191.28111: UDP, length 15
16:11:03.694608 IP 195.42.171.158.29070 > 176.28.14.191.28111: UDP, length 16
16:11:03.694609 IP 195.26.187.234.29070 > 176.28.14.191.28111: UDP, length 16
16:11:03.694619 IP 109.239.216.130.29070 > 176.28.14.191.28111: UDP, length 16
16:11:03.694607 IP 80.249.152.12.29070 > 176.28.14.191.28111: UDP, length 16
16:11:03.694611 IP 195.28.14.165.29070 > 176.28.14.191.28111: UDP, length 16
16:11:03.694622 IP 144.206.0.195.29070 > 176.28.14.191.28111: UDP, length 15
16:11:03.694641 IP 79.134.197.117.29070 > 176.28.14.191.28111: UDP, length 16
16:11:03.694647 IP 130.193.66.82.29070 > 176.28.14.191.28111: UDP, length 15
16:11:03.694641 IP 80.95.44.174.29070 > 176.28.14.191.28111: UDP, length 16
16:11:03.694656 IP 217.15.18.100.29070 > 176.28.14.191.28111: UDP, length 16
16:11:03.694663 IP 79.134.215.237.29070 > 176.28.14.191.28111: UDP, length 16
IPTABLES
root@lvps176-28-14-191:~# iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N CHECK1
-N udp-flood
-A INPUT -p udp -m length --length 16 -j DROP
-A INPUT -p udp -m length --length 15 -j DROP
-A INPUT -s 116.31.116.5/32 -j DROP
-A INPUT -s 182.100.67.113/32 -j DROP
-A INPUT -s 213.108.172.121/32 -j DROP
-A INPUT -s 212.220.8.67/32 -j DROP
-A INPUT -p udp -m length --length 1:1024 -m recent --set --name GetStatus --rsource
-A INPUT -p udp -m string --hex-string "|ffffffff676574737461747573|" --algo bm --to 65535 -m recent --update --name DEFAULT --rsource
-A INPUT -p udp -m string --hex-string "|ffffffff676574737461747573|" --algo bm --to 65535 -m recent --update --seconds 1 --hitcount 5 --name GetStatus --rsource -j DROP
-A INPUT -p udp -m length --length 28:32 -j DROP
-A INPUT -p udp -m length --length 15 -j CHECK1
-A INPUT -s MY_IP/32 -p tcp -m tcp --dport 28111 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 27015 -j DROP
-A INPUT -p tcp -m tcp --dport 28111 -j DROP
-A OUTPUT -p udp -j udp-flood
-A udp-flood -p udp -m limit --limit 200/sec -j RETURN
-A udp-flood -j LOG --log-prefix "UDP-flood attempt: "
-A udp-flood -j DROP
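
Added example, not part of the original post: tcpdump prints the UDP payload length, while the iptables `length` match on IPv4 compares the packet's total length, IP and UDP headers included. The script below converts the captured lengths and checks them against the length-based DROP rules from the listing; it assumes a 20-byte IPv4 header (no options), and the function names are hypothetical.

```python
import re
from collections import Counter

IPV4_HDR = 20  # assumption: IPv4 header without options
UDP_HDR = 8

# Three lines copied from the tcpdump capture above.
CAPTURE = """\
16:11:03.693981 IP 80.92.170.193.29070 > 176.28.14.191.28111: UDP, length 15
16:11:03.693960 IP 141.101.172.150.29070 > 176.28.14.191.28111: UDP, length 16
16:11:03.693913 IP 213.109.148.221.29070 > 176.28.14.191.28111: UDP, length 16
"""

# Length-based DROP rules copied from the iptables -S listing above.
RULES = """\
-A INPUT -p udp -m length --length 16 -j DROP
-A INPUT -p udp -m length --length 15 -j DROP
-A INPUT -p udp -m length --length 28:32 -j DROP
"""

PKT = re.compile(r"IP (\S+)\.(\d+) > (\S+)\.(\d+): UDP, length (\d+)")
LEN = re.compile(r"--length (\d+)(?::(\d+))?.*-j DROP")

def observed_lengths(capture):
    """Count packets per IPv4 total length, the value `-m length` compares."""
    counts = Counter()
    for m in PKT.finditer(capture):
        counts[int(m.group(5)) + UDP_HDR + IPV4_HDR] += 1
    return counts

def drop_ranges(rules):
    """Return (low, high) ranges taken from `-m length ... -j DROP` rules."""
    out = []
    for m in LEN.finditer(rules):
        lo = int(m.group(1))
        out.append((lo, int(m.group(2)) if m.group(2) else lo))
    return out

def unmatched(capture, rules):
    """Observed total lengths that no length-based DROP rule covers."""
    ranges = drop_ranges(rules)
    return sorted(n for n in observed_lengths(capture)
                  if not any(lo <= n <= hi for lo, hi in ranges))

if __name__ == "__main__":
    print(dict(observed_lengths(CAPTURE)))
    print(unmatched(CAPTURE, RULES))
```

Read this way, the `--length 28:32` rule corresponds to UDP payloads of 0 to 4 bytes, and the captured 15- and 16-byte payloads arrive as total lengths 43 and 44.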