Sunday 17 January 2016

Efficient DDoS protection under GNU/Linux

What is ipset?

Quoting the official website: "an IP set may store IP addresses, networks, (TCP/UDP) port numbers, MAC addresses, interface names or combinations of them in a way, which ensures lightning speed when matching an entry against a set."

I already have iptables. Why should I use ipset?

If you keep adding rules to iptables, performance drops sharply: the kernel walks a chain linearly, so every packet is tested against every rule until one matches, and the cost grows with the length of the chain. Once you are past roughly a thousand rules you should start worrying about this. With ipset, the addresses or networks live in a single set that is matched by one hash or bitmap lookup, and one iptables rule referencing that set replaces the whole pile of per-address rules.

Inner workings

The inner workings of ipset are irrelevant. Or are they? We'll delve into that soon enough :)

Did you say bogons?

Simply put, a bogon is an IP prefix that should never appear on the public Internet: address space that is unallocated, reserved, or meant for private use. Attackers use bogons as spoofed source addresses in massive DDoS floods, because no legitimate traffic originates from them and the replies go nowhere. Since nothing genuine ever comes from those addresses, they can be dropped outright to blunt such attacks.

To demonstrate ipset, I will show you how to filter bogons with a simple 'quick and dirty' shell script.


#!/bin/sh
#Author: C.Velvindron / codarren@hackers.mu
#Shellscript to filter bogons using ipset
# Fetch the list first; the lines starting with '#' at the top of the file are comments, not prefixes
LIST=$(wget -q -O - http://www.team-cymru.org/Services/Bogons/fullbogons-ipv4.txt | grep -v '^#')
[ -n "$LIST" ] || { echo "empty bogon list, leaving the current set untouched" >&2; exit 1; }
# Create the set on the first run (-exist makes this a no-op later), then flush it
# so that prefixes withdrawn from the list stop being blocked
ipset create bogonblock hash:net -exist
ipset flush bogonblock
for IP in $LIST; do
    ipset add bogonblock "$IP" -exist
done
# Add the DROP rule only once, instead of flushing every iptables rule on each run
iptables -C INPUT -m set --match-set bogonblock src -j DROP 2>/dev/null || \
    iptables -I INPUT -m set --match-set bogonblock src -j DROP
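The loop above forks one ipset process per prefix, and between the flush and the last add the set is partly empty. The following is an added example, not part of the original post and not the author's script: it turns the downloaded list into input for a single ipset restore call, loads it into a side set, and then swaps that set under the existing DROP rule, so the rule keeps matching the old contents until the swap. It is also the concrete form of the point made earlier about one set lookup replacing a long chain of per-address rules. The sample list, the set name bogonblock_new and the helper function names are my own assumptions; the only thing taken from the page is the Team Cymru URL and the bogonblock set.

```shell
#!/bin/sh
# Added example: atomic reload of the bogon set with "ipset restore" + "ipset swap".
# Constructed sample in the layout of the Team Cymru fullbogons file (assumption:
# comment lines start with '#', every entry is an IPv4 prefix in CIDR notation).
SAMPLE_BOGONS='# last updated 1453000000 (constructed sample, not the real file)
0.0.0.0/8
10.0.0.0/8
100.64.0.0/10
127.0.0.0/8
192.0.2.0/24
'

# Read a bogon list on stdin and print "ipset restore" input that fills the set
# named in $1. Comments and anything that is not an IPv4 CIDR prefix are dropped,
# so a truncated or corrupted download cannot feed stray tokens to the kernel.
build_restore_input() {
    echo "create $1 hash:net family inet"
    echo "flush $1"
    grep -v '^#' | grep -E '^[0-9]{1,3}(\.[0-9]{1,3}){3}/[0-9]{1,2}$' |
        while read -r net; do echo "add $1 $net"; done
}

# Number of prefixes a restore script will load (one "add" line each).
count_add_lines() {
    grep -c '^add '
}

# Live path (needs root and ipset): build the new contents in a side set with one
# "ipset restore", refuse to proceed on an empty list, then swap the side set
# under the DROP rule. The old contents stay in force until the swap.
reload_bogons() {
    tmp=$(mktemp) || return 1
    wget -q -O - "$1" | build_restore_input bogonblock_new > "$tmp"
    if [ "$(count_add_lines < "$tmp")" -lt 1 ]; then
        echo "empty or unparsable bogon list, keeping the current set" >&2
        rm -f "$tmp"
        return 1
    fi
    ipset -exist restore < "$tmp"
    rm -f "$tmp"
    ipset create bogonblock hash:net family inet -exist
    ipset swap bogonblock_new bogonblock
    ipset destroy bogonblock_new
    iptables -C INPUT -m set --match-set bogonblock src -j DROP 2>/dev/null ||
        iptables -I INPUT -m set --match-set bogonblock src -j DROP
}

# Run with --live to reload from the real list; without it only the
# text-processing part runs, on the constructed sample, and prints the
# restore script it would feed to ipset.
if [ "${1:-}" = "--live" ]; then
    reload_bogons http://www.team-cymru.org/Services/Bogons/fullbogons-ipv4.txt
else
    printf '%s' "$SAMPLE_BOGONS" | build_restore_input bogonblock_new
fi
```

The swap only works when both sets have the same type, which is why bogonblock is created as hash:net on the live side before the swap; a set of a different type would need to be destroyed and recreated first. Because restore applies the whole file in one kernel transaction, a few thousand prefixes load in a fraction of a second instead of one fork per entry.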

Sample output of ipset list bogonblock:

4 comments:

  1. ipset is fantastic. I have been using it for several months on my minecraft server to block a few VPN providers because abusive players attempt to use cheap VPN services to bypass bans placed on their IP.


  2. That's interesting. What VPN providers do you consider as cheap?

  3. I was writing cheap from the viewpoint of the players who would use one to evade bans on a game server. Subscriptions to VPN services are as low as around US$5/month.

