
[Tutorial] FreeBSD Security: DDoS or Firewall


Barlap


First of all we need to understand what DDoS means. "DDoS" stands for Distributed Denial of Service: packets are sent to the server until it can no longer process what it receives and goes down.

 

  • For anyone who does not have perl installed, it is very easy to install from ports:

 

cd /usr/ports/lang/perl5.16 && make install clean

  • then check the installation with:

perl -v

 

  • The first step to avoid this situation is to enable the FreeBSD firewall (pf). Open /etc/rc.conf
    and add the following lines:

pf_enable="YES"
pf_rules="/etc/pf.conf"
pf_flags=""
pflog_enable="YES"
pflog_logfile="/var/log/pflog"
pflog_flags=""

 

  • Next, open /etc/pf.conf and add the following rules. The table name between the angle brackets is what the block script adds addresses to, so it has to match the name used there:

# default deny inbound; loopback traffic is always allowed
block in all
pass in quick on lo0
pass out quick on lo0

# table of blocked hosts, loaded from and saved to /var/db/security
table <security> persist file "/var/db/security"
block quick from <security>

# sis0 is the external interface; change it to the name of your NIC
pass in quick on sis0 proto tcp from any to any port 22 keep state
pass in quick on sis0 proto tcp from any to any port 80 keep state
pass in quick on sis0 proto tcp from any to any port 3690 keep state
pass out all keep state

 

The file name can be changed to your liking; I chose the name "security". Whatever you pick, use the same name for the table in pf.conf, for the persist file and for the -t argument in the script below.
 

  • Now create the "security" file and set its permissions to 644 with the following commands.

touch /var/db/security
chmod 644 /var/db/security

 

  • Then create a file called 'security.pl' in '/var/db' with the following code and save it with permissions 751

#!/usr/local/bin/perl
# perl from ports lives in /usr/local/bin on FreeBSD; there is no /usr/bin/perl
use strict;
use warnings;

my $log     = '/var/log/auth.log';
my $allowed = '/var/db/allowed-ips';   # optional whitelist, one IPv4 address per line
my $table   = 'security';              # must match the table name in /etc/pf.conf

# Collect the source addresses of failed SSH attempts from auth.log.
# A hash deduplicates them, so an address that appears many times is added once.
my %offenders;
open(my $in, '<', $log) or die "cannot open $log: $!";
while (my $line = <$in>) {
    if ($line =~ /Invalid user.*from ([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)/
     || $line =~ /Did not receive identification string from ([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)/) {
        $offenders{$1} = 1;
    }
}
close($in);

# Addresses that must never be blocked: whatever is listed in the whitelist file.
# The lookup is an exact match, so "10.0.0.1" does not also exempt 10.0.0.10.
my %allowed;
if (open(my $wl, '<', $allowed)) {
    while (my $line = <$wl>) {
        chomp $line;
        $allowed{$line} = 1 if $line =~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/;
    }
    close($wl);
}

# Drop loopback, the 192.168/16 private range and the whitelist, then sort.
my @ban = sort grep {
    !/^127\.0\.0\.1$/ && !/^192\.168\.[0-9]+\.[0-9]+$/ && !$allowed{$_}
} keys %offenders;

exit 0 unless @ban;   # pfctl complains when given an empty address list

# Add the addresses to the running table (list form, no shell involved), then
# dump the table back to the persist file: "-T add" only changes the in-kernel
# table, so without this the entries are lost at the next reboot or rule reload.
system('/sbin/pfctl', '-t', $table, '-T', 'add', @ban) == 0
    or die "pfctl -T add failed: $?";
system("/sbin/pfctl -t $table -T show > /var/db/$table") == 0
    or warn "could not save table $table: $?";

 

To set the permissions use the command

chmod 751 security.pl

 

  • Then open /etc/syslog.conf and make sure the following line is present, so that sshd messages end up in the file the script reads

auth.info;authpriv.info                         /var/log/auth.log

 

After all this, reboot the server and everything will be configured and ready to use. Keep in mind what each part does: the pf ruleset drops everything that is not explicitly passed, while the script only blocks hosts that show up in auth.log with failed SSH login attempts, so it has to be run regularly to be of any use. This protection holds up to 50,000 packets at rates of 500 Mb/s and below. Good luck!
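As an added example (not part of the original post), the same ban logic written as a POSIX sh script that can be run from cron, with the pieces the tutorial leaves out: an exact-match whitelist, exclusion of all RFC 1918 ranges, a syntax check of pf.conf before loading it, and writing the table back to the persist file after adding to it. The table name "security", the whitelist path /var/db/allowed-ips and the crontab line are assumptions taken from the tutorial's own names; pfctl is only invoked when it is installed, so the parsing part runs on any system.

```shell
#!/bin/sh
# Added example, not from the original post. Assumptions: pf table "security"
# (as in the pf.conf above), whitelist in /var/db/allowed-ips with one IPv4
# address per line, pfctl only called when present.

ALLOWED="${ALLOWED:-/var/db/allowed-ips}"
TABLE="${TABLE:-security}"
PERSIST_FILE="/var/db/$TABLE"

# Read sshd lines from stdin, print one offending IPv4 address per line,
# deduplicated. Besides the two patterns the Perl script matches, this also
# catches "Failed password for ... from <ip>", which sshd logs for wrong
# passwords on accounts that do exist.
offenders_from_log() {
    sed -n -E \
        's/^.*(Invalid user|Did not receive identification string|Failed password for).* from ([0-9]{1,3}(\.[0-9]{1,3}){3}).*$/\2/p' |
        sort -u
}

# True (0) if the address must never be blocked: loopback, RFC 1918 ranges,
# or an exact line in the whitelist file. grep -x -F replaces the original
# unanchored regex, where "10.0.0.1" would also have exempted 10.0.0.10.
is_exempt() {
    case "$1" in
        127.*|10.*|192.168.*) return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    esac
    [ -r "$ALLOWED" ] && grep -qxF "$1" "$ALLOWED"
}

# stdin: auth.log lines; stdout: addresses that should go into the table
ban_list() {
    offenders_from_log | while read -r ip; do
        is_exempt "$ip" || printf '%s\n' "$ip"
    done
}

# Add the addresses to the running table, then dump the table to the persist
# file: "pfctl -T add" changes only the in-kernel table, so without the dump
# the entries disappear at the next reboot or rule reload.
apply_bans() {
    list=$(ban_list < "$1")
    [ -n "$list" ] || return 0
    if command -v pfctl >/dev/null 2>&1; then
        # word splitting on $list is intended: one argument per address
        pfctl -t "$TABLE" -T add $list
        pfctl -t "$TABLE" -T show > "$PERSIST_FILE"
    else
        printf 'pfctl not found; would run: pfctl -t %s -T add %s\n' "$TABLE" "$list" >&2
    fi
}

# Parse the ruleset without applying it (-n); only load it if the syntax is fine.
reload_rules() {
    pfctl -nf /etc/pf.conf && pfctl -f /etc/pf.conf
}

# Usage: security.sh /var/log/auth.log
# Crontab entry to run it every five minutes (assumption; the tutorial does
# not say how the script is scheduled):
#   */5 * * * * /var/db/security.sh /var/log/auth.log
if [ -n "${1:-}" ]; then
    apply_bans "$1"
fi
```

Run it as root, since both reading the whole of auth.log and changing pf tables need it. Because the script re-reads the entire log each time, the same addresses are offered to pfctl on every run; pf silently ignores duplicates in a table, so that is harmless, but rotating auth.log (newsyslog does this by default) is what keeps the run time bounded.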

 
