protection from DDoS on UDP sport 11211 with a rate limit

Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 2984
Location: UK, London, just across the river..

Posted: Sat Mar 03, 2018 9:10    Post subject: protection from DDoS on UDP sport 11211 with a rate limit
https://thehackernews.com/2018/03/biggest-ddos-attack-github.html
Is there any point in protecting UDP sport 11211?

iptables -I FORWARD -p udp --sport 11211 -m limit --limit 1/s -j ACCEPT

and you can fairly add one line for TCP as well

iptables -I FORWARD -p tcp --sport 11211 -m limit --limit 1/s -j ACCEPT

_________________
Atheros
TP-Link WR740Nv1 ------DD-WRT 33772 BS WAP/Switch (wired)
TP-Link WR1043NDv2 ----DD-WRT 41459 BS (AP,PPPoE,NAT,AD Blocking,AP Isolation,Firewall,Local DNS,Forced DNS,DoT)
TP-Link WR1043NDv2 ----DD-WRT 41517 BS (AP,NAT,AD Blocking,Firewall,Wi-Fi OFF,Local DNS,Forced DNS,DoT)
TP-Link WR1043NDv2 ----Gargoyle OS 1.11.0 (AP,NAT,QoS,Quotas)
Qualcomm/IPQ8065
2x Netgear R7800 -------DD-WRT 40270M 4.9 Kong (AP,NAT,AD-Blocking,AP&Net Isolation,VLAN's,Firewall,Local DNS,DNSCrypt-proxy v2 x2)
Broadcom
Netgear R7000 -------DD-WRT 40270M Kong (AP,NAT,VLAN,AD-Blocking,Firewall,Local DNS,Forced DNS,DoT)
------------------------------------------------------------------------------------------------
Stubby for DNS over TLS I DNSCrypt v2 via Entware by mac913
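As an added illustration (not code from any poster in this thread), here is a small Python model of the `-m limit --limit 1/s -j ACCEPT` rule posted above, showing what happens to packets that exceed the limit. It assumes iptables' default `--limit-burst` of 5; `LimitMatch`, `run_chain`, the `fallthrough` verdict and the `FLOOD` timestamps are names and data constructed for this example.

```python
"""Model of how a FORWARD chain treats packets with source port 11211."""


class LimitMatch:
    """Token bucket behind `-m limit`: `burst` credits, refilled at `rate` per second."""

    def __init__(self, rate_per_s=1.0, burst=5):  # iptables' default --limit-burst is 5
        self.rate, self.burst = rate_per_s, burst
        self.credits, self.last = float(burst), 0.0

    def matches(self, now):
        # Refill for the time elapsed since the previous packet, capped at the burst.
        self.credits = min(self.burst, self.credits + (now - self.last) * self.rate)
        self.last = now
        if self.credits >= 1.0:
            self.credits -= 1.0
            return True
        return False  # over the limit: the rule simply does not match


def run_chain(timestamps, drop_rule_after, fallthrough="ACCEPT"):
    """Count verdicts for sport-11211 packets arriving at `timestamps` (seconds).

    `fallthrough` is what the rest of FORWARD (later rules or the chain policy)
    does with a packet no rule here matched. It is an assumption: it depends on
    the router's existing rule set.
    """
    limit = LimitMatch(rate_per_s=1.0)
    verdicts = {"ACCEPT": 0, "DROP": 0}
    for now in timestamps:
        if limit.matches(now):        # rule 1: -m limit --limit 1/s -j ACCEPT
            verdicts["ACCEPT"] += 1
        elif drop_rule_after:         # rule 2: same match without the limit, -j DROP
            verdicts["DROP"] += 1
        else:                         # no rule 2: packet continues down the chain
            verdicts[fallthrough] += 1
    return verdicts


# Constructed traffic: 1000 packets per second for 10 seconds.
FLOOD = [i / 1000 for i in range(10_000)]

if __name__ == "__main__":
    print("limit rule only  :", run_chain(FLOOD, drop_rule_after=False))
    print("limit rule + DROP:", run_chain(FLOOD, drop_rule_after=True))
```

With only the ACCEPT rule, the limit decides which rule accepts a packet, not whether it gets through; the rate is enforced only when a DROP for the same match follows, or when the rest of the chain already drops the traffic.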
d0ug
DD-WRT Guru


Joined: 31 Jul 2015
Posts: 768

Posted: Sat Mar 03, 2018 18:06    Post subject: Re: protection from DDoS on UDP sport 11211 with a rate limi
Alozaros wrote:
https://thehackernews.com/2018/03/biggest-ddos-attack-github.html
Is there any point in protecting UDP sport 11211?

iptables -I FORWARD -p udp --sport 11211 -m limit --limit 1/s -j ACCEPT

and you can fairly add one line for TCP as well

iptables -I FORWARD -p tcp --sport 11211 -m limit --limit 1/s -j ACCEPT


Unless you're running a memcached server this wouldn't affect you. If you're the target of this attack, a firewall rule really won't help you. The DDoS attack is still going to clog up your pipe before it ever hits your firewall.
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 2984
Location: UK, London, just across the river..

Posted: Sat Mar 03, 2018 19:55
As far as I understood, a memcached server is used to amplify the DDoS attack, and if you have a server you must at least take some measures, and those came to my mind first... Anyway, thanks for the info... I guess the DD-WRT firewall will not permit it anyway, but limiting may be useful just in case...
