Old 07-31-2019, 04:50 AM   #1
nikusha774

DDos Attack udp flood


Hi guys, I have really big problems and I don't know what to do. I have a VPS on contabo.com and I'm getting DDoSed over and over, and now my provider has suspended my account permanently. They are saying "we have anti-DDoS", but the fact is someone is DDoSing me. I'm not running any serious business to get DDoSed by a big group of hackers or something like that. They are using a UDP flood to shut down my VPS. There are some logs, but because of the symbol limit these are not the full logs.

Code:
For your interest a partial dump of the attack on your IP that is performed with 8255 Mbit/s and 822258 data packets per second:
2019-07-29 10:14:32.951168 109.92.140.222:0 > 164.68.106.50:0 protocol: udp frag: 1  packets: 1 size: 1514 bytes ttl: 58 sample ratio: 1  
2019-07-29 10:14:32.951218 109.92.140.222:0 > 164.68.106.50:0 protocol: udp frag: 1  packets: 1 size: 957 bytes ttl: 58 sample ratio: 1  
2019-07-29 10:14:32.951232 109.92.140.222:53 > 164.68.106.50:25565 protocol: udp frag: 1  packets: 1 size: 1514 bytes ttl: 58 sample ratio: 1  
2019-07-29 10:14:32.951279 109.92.140.222:0 > 164.68.106.50:0 protocol: udp frag: 1  packets: 1 size: 1514 bytes ttl: 58 sample ratio: 1  
2019-07-29 10:14:32.951291 109.92.140.222:0 > 164.68.106.50:0 protocol: udp frag: 1  packets: 1 size: 921 bytes ttl: 58 sample ratio: 1  
2019-07-29 10:14:32.951298 109.92.140.222:53 > 164.68.106.50:25565 protocol: udp frag: 1  packets: 1 size: 1514 bytes ttl: 58 sample ratio: 1  
2019-07-29 10:14:32.951303 109.92.140.222:0 > 164.68.106.50:0 protocol: udp frag: 1  packets: 1 size: 1514 bytes ttl: 58 sample ratio: 1  
2019-07-29 10:14:32.951308 109.92.140.222:0 > 164.68.106.50:0 protocol: udp frag: 1  packets: 1 size: 873 bytes ttl: 58 sample ratio: 1  
2019-07-29 10:14:32.951331 109.92.140.222:53 > 164.68.106.50:25565 protocol: udp frag: 1  packets: 1 size: 1514 bytes ttl: 58 sample ratio: 1  
2019-07-29 10:14:32.951361 181.128.41.21:0 > 164.68.106.50:0 protocol: udp frag: 1  packets: 1 size: 1506 bytes ttl: 53 sample ratio: 1  
2019-07-29 10:14:32.951372 109.92.140.222:0 > 164.68.106.50:0 protocol: udp frag: 1  packets: 1 size: 1514 bytes ttl: 58 sample ratio: 1  
2019-07-29 10:14:32.951381 109.92.140.222:0 > 164.68.106.50:0 protocol: udp frag: 1  packets: 1 size: 853 bytes ttl: 58 sample ratio: 1  
2019-07-29 10:14:32.951391 109.92.140.222:53 > 164.68.106.50:25565 protocol: udp frag: 1  packets: 1 size: 1514 bytes ttl: 58 sample ratio: 1  
2019-07-29 10:14:32.951435 109.92.140.222:0 > 164.68.106.50:0 protocol: udp frag: 1  packets: 1 size: 1514 bytes ttl: 58 sample ratio: 1  
2019-07-29 10:14:32.951445 109.92.140.222:0 > 164.68.106.50:0 protocol: udp frag: 1  packets: 1 size: 831 bytes ttl: 58 sample ratio: 1  
2019-07-29 10:14:32.951453 109.92.140.222:53 > 164.68.106.50:25565 protocol: udp frag: 1  packets: 1 size: 1514 bytes ttl: 58 sample ratio: 1  
2019-07-29 10:14:32.951459 109.92.140.222:0 > 164.68.106.50:0 protocol: udp frag: 1  packets: 1 size: 1514 bytes ttl: 58 sample ratio: 1  
2019-07-29 10:14:32.951465 202.175.82.189:53 > 164.68.106.50:25565 protocol: udp frag: 1  packets: 1 size: 1514 bytes ttl: 52 sample ratio: 1  
2019-07-29 10:14:32.951471 109.92.140.222:0 > 164.68.106.50:0 protocol: udp frag: 1  packets: 1 size: 807 bytes ttl: 58 sample ratio: 1  
2019-07-29 10:14:32.951523 109.92.140.222:53 > 164.68.106.50:25565 protocol: udp frag: 1  packets: 1 size: 1514 bytes ttl: 58 sample ratio: 1  
2019-07-29 10:14:32.951535 109.92.140.222:0 > 164.68.106.50:0 protocol: udp frag: 1  packets: 1 size: 1514 bytes ttl: 58 sample ratio: 1  
2019-07-29 10:14:32.951543 109.92.140.222:0 > 164.68.106.50:0 protocol: udp frag: 1  packets: 1 size: 784 bytes ttl: 58 sample ratio: 1  
2019-07-29 10:14:32.951549 194.187.150.111:0 > 164.68.106.50:0 protocol: udp frag: 1  packets: 1 size: 730 bytes ttl: 56 sample ratio: 1  
2019-07-29 10:14:32.951554 187.190.117.181:0 > 164.68.106.50:0 protocol: udp frag: 1  packets: 1 size: 1514 bytes ttl: 53 sample ratio: 1  
2019-07-29 10:14:32.951577 218.161.39.151:0 > 164.68.106.50:0 protocol: udp frag: 1  packets: 1 size: 1022 bytes ttl: 54 sample ratio: 1  
2019-07-29 10:14:32.951601 178.74.66.78:53 > 164.68.106.50:25565 protocol: udp frag: 1  packets: 1 size: 1514 bytes ttl: 53 sample ratio: 1  
2019-07-29 10:14:32.951612 165.255.241.99:53 > 164.68.106.50:25565 protocol: udp frag: 1  packets: 1 size: 1490 bytes ttl: 49 sample ratio: 1  
2019-07-29 10:14:32.951621 187.190.117.181:0 > 164.68.106.50:0 protocol: udp frag: 1  packets: 1 size: 1025 bytes ttl: 53 sample ratio: 1  
2019-07-29 10:14:32.951630 165.255.241.99:0 > 164.68.106.50:0 protocol: udp frag: 1  packets: 1 size: 1490 bytes ttl: 49 sample ratio: 1  
2019-07-29 10:14:32.951640 46.165.16.203:0 > 164.68.106.50:0 protocol: udp frag: 1  packets: 1 size: 1108 bytes ttl: 58 sample ratio: 1  
2019-07-29 10:14:32.951674 165.255.241.99:0 > 164.68.106.50:0 protocol: udp frag: 1  packets: 1 size: 723 bytes ttl: 49 sample ratio: 1  
2019-07-29 10:14:32.951686 222.124.3.202:0 > 164.68.106.50:0 protocol: udp frag: 1  packets: 1 size: 1036 bytes ttl: 54 sample ratio: 1  
2019-07-29 10:14:32.951696 101.99.36.171:0 > 164.68.106.50:0 protocol: udp frag: 1  packets: 1 size: 1034 bytes ttl: 52 sample ratio: 1  
2019-07-29 10:14:32.951705 176.61.241.28:53 > 164.68.106.50:25565 protocol: udp frag: 1  packets: 1 size: 1514 bytes ttl: 57 sample ratio: 1  
2019-07-29 10:14:32.951714 176.61.241.28:0 > 164.68.106.50:0 protocol: udp frag: 1  packets: 1 size: 1514 bytes ttl: 57 sample ratio: 1  
2019-07-29 10:14:32.951735 176.61.241.28:0 > 164.68.106.50:0 protocol: udp frag: 1  packets: 1 size: 1114 bytes ttl: 57 sample ratio: 1  
2019-07-29 10:14:32.951760 188.17.159.218:53 > 164.68.106.50:25565 protocol: udp frag: 1  packets: 1 size: 1490 bytes ttl: 57 sample ratio: 1  
2019-07-29 10:14:32.951767 77.232.167.64:53 > 164.68.106.50:25565 protocol: udp frag: 1  packets: 1 size: 1490 bytes ttl: 57 sample ratio: 1  
2019-07-29 10:14:32.951777 77.232.167.64:0 > 164.68.106.50:0 protocol: udp frag: 1  packets: 1 size: 1490 bytes ttl: 57 sample ratio: 1  
2019-07-29 10:14:32.951787 77.232.167.64:0 > 164.68.106.50:0 protocol: udp frag: 1  packets: 1 size: 1073 bytes ttl: 57 sample ratio: 1  
2019-07-29 10:14:32.951795 188.191.2.32:53 > 164.68.106.50:25565 protocol: udp frag: 1  packets: 1 size: 1490 bytes ttl: 58 sample ratio: 1  
2019-07-29 10:14:32.951823 79.133.100.118:0 > 164.68.106.50:0 protocol: udp frag: 1  packets: 1 size: 1490 bytes ttl: 57 sample ratio: 1  
2019-07-29 10:14:32.951852 188.17.159.218:0 > 164.68.106.50:0 protocol: udp frag: 1  packets: 1 size: 1490 bytes ttl: 57 sample ratio: 1  
2019-07-29 10:14:32.951862 188.17.159.218:0 > 164.68.106.50:0 protocol: udp frag: 1  packets: 1 size: 1129 bytes ttl: 57 sample ratio: 1  
2019-07-29 10:14:32.951869 103.94.7.212:0 > 164.68.106.50:0 protocol: udp frag: 1  packets: 1 size: 1514 bytes ttl: 58 sample ratio: 1  
2019-07-29 10:14:32.951878 5.148.116.12:53 > 164.68.106.50:25565 protocol: udp frag: 1  packets: 1 size: 1514 bytes ttl: 59 sample ratio: 1  
2019-07-29 10:14:32.951901 83.64.108.34:0 > 164.68.106.50:0 protocol: udp frag: 1  packets: 1 size: 1514 bytes ttl: 57 sample ratio: 1  
2019-07-29 10:14:32.951933 213.110.119.9:0 > 164.68.106.50:0 protocol: udp frag: 1  packets: 1 size: 1514 bytes ttl: 56 sample ratio: 1  
2019-07-29 10:14:32.951945 213.110.119.9:0 > 164.68.106.50:0 protocol: udp frag: 1  packets: 1 size: 862 bytes ttl: 56 sample ratio: 1  
2019-07-29 10:14:32.951954 201.231.18.106:0 > 164.68.106.50:0 protocol: udp frag: 1  packets: 1 size: 1514 bytes ttl: 53 sample ratio: 1  
2019-07-29 10:14:32.951963 212.116.124.74:0 > 164.68.106.50:0 protocol: udp frag: 1  packets: 1 size: 1514 bytes ttl: 59 sample ratio: 1  
2019-07-29 10:14:32.951987 109.251.74.191:53 > 164.68.106.50:25565 protocol: udp frag: 1  packets: 1 size: 1514 bytes ttl: 56 sample ratio: 1  
2019-07-29 10:14:32.952020 188.32.120.116:0 > 164.68.106.50:0 protocol: udp frag: 1  packets: 1 size: 1514 bytes ttl: 58 sample ratio: 1  
2019-07-29 10:14:32.952027 95.84.190.189:0 > 164.68.106.50:0 protocol: udp frag: 1  packets: 1 size: 1514 bytes ttl: 56 sample ratio: 1  
2019-07-29 10:14:32.952034 95.30.52.221:0 > 164.68.106.50:0 protocol: udp frag: 1  packets: 1 size: 1458 bytes ttl: 58 sample ratio: 1

There isn't any way to defend myself. Please, someone help me. I found iptables configurations, but they only defend against TCP attacks. Also, I'm scared: if I change provider, I don't want to get DDoSed again. I'm losing money and the most valuable thing, time. I hope there will be someone who can help me.
 
Old 07-31-2019, 08:04 PM   #2
RickDeckard

IPTables has UDP support too. You just need to use -p udp -m udp rather than TCP, as well as blocking ports 25565 and 0. Something like:

/sbin/iptables -A INPUT -i <your interface> -p udp -m udp -d <your IP address here> --dport 25565 -m conntrack --ctstate NEW -j DROP

/sbin/iptables -A INPUT -i <your interface> -p udp -m udp -d <your IP address here> --dport 0 -m conntrack --ctstate NEW -j DROP

if you're using a blacklist rather than a whitelist. For security reasons, I would recommend the whitelist but it's not my call. Also, you may want rate limiting if you have to keep those ports open yet inaccessible to massive amounts of traffic.

Last edited by RickDeckard; 07-31-2019 at 08:11 PM. Reason: exposition
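
Added example (not part of either post, and not the provider's tooling): a small Python parser for the dump format quoted in the first post, which tallies sampled packets by protocol and port pair and by source, so the match keys a filter rule needs can be read off the data. The sample lines are constructed with documentation addresses; treating `size` as per record and `sample ratio` as a multiplier is an assumption about the format.

```python
import re
from collections import Counter

# Constructed sample in the dump format quoted in the thread (RFC 5737 addresses).
SAMPLE = """\
2019-07-29 10:14:32.951168 198.51.100.7:0 > 192.0.2.10:0 protocol: udp frag: 1  packets: 1 size: 1514 bytes ttl: 58 sample ratio: 1
2019-07-29 10:14:32.951218 198.51.100.7:0 > 192.0.2.10:0 protocol: udp frag: 1  packets: 1 size: 957 bytes ttl: 58 sample ratio: 1
2019-07-29 10:14:32.951232 198.51.100.7:53 > 192.0.2.10:25565 protocol: udp frag: 1  packets: 1 size: 1514 bytes ttl: 58 sample ratio: 1
2019-07-29 10:14:32.951361 203.0.113.21:0 > 192.0.2.10:0 protocol: udp frag: 1  packets: 1 size: 1506 bytes ttl: 53 sample ratio: 1
2019-07-29 10:14:32.951465 203.0.113.89:53 > 192.0.2.10:25565 protocol: udp frag: 1  packets: 1 size: 1514 bytes ttl: 52 sample ratio: 1
this line is not a flow record and must be skipped
"""

LINE = re.compile(
    r"(?P<ts>\S+ \S+) (?P<src>[\d.]+):(?P<sport>\d+) > (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"protocol: (?P<proto>\w+) frag: (?P<frag>\d+)\s+packets: (?P<pkts>\d+) "
    r"size: (?P<size>\d+) bytes ttl: (?P<ttl>\d+) sample ratio: (?P<ratio>\d+)"
)
INT_FIELDS = ("sport", "dport", "frag", "pkts", "size", "ttl", "ratio")

def parse(text):
    """Return one dict per well-formed flow line; anything else is ignored."""
    rows = []
    for line in text.splitlines():
        m = LINE.fullmatch(line.strip())
        if m:
            row = m.groupdict()
            row.update({k: int(row[k]) for k in INT_FIELDS})
            rows.append(row)
    return rows

def summarize(rows):
    """Tally packets (scaled by sample ratio) per protocol/port pair and per source."""
    ports, sources, total_bytes = Counter(), Counter(), 0
    for r in rows:
        n = r["pkts"] * r["ratio"]
        ports[(r["proto"], r["sport"], r["dport"])] += n
        sources[r["src"]] += n
        total_bytes += r["size"] * r["ratio"]  # assumption: size is per sampled record
    return {
        "packets": sum(ports.values()),
        "bytes": total_bytes,
        "by_ports": ports.most_common(),
        "top_sources": sources.most_common(3),
        "distinct_sources": len(sources),
    }

if __name__ == "__main__":
    print(summarize(parse(SAMPLE)))
```

In the dump posted in this thread, the only port pairs present are source port 53 to destination port 25565 and port 0 to port 0, which are the ports the reply above filters on.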
 
  

