IPTables如何阻止特定的UDP数据包?
[英]IPTables How do I block a specific UDP Packet?
问题描述
I was wondering if it's possible to block this particular packet in IPTables? 
我想知道是否有可能在IPTables中阻止此特定数据包?
IP (tos 0x0, ttl 122, id 59478, offset 0, flags [none], proto: **UDP** (17), **length: 32**) 49.125.39.7.53125 > 68.68.27.40.34535: UDP, **length 0**
0x0000: 4500 0020 e856 0000 7a11 a086 317d 2707 E....V..z...1}'.
0x0010: 4444 1b28 cf85 86e7 0008 0000 0000 0000 DD.(............
0x0020: 0000 0000 0000 0000 0000 0000 0000
IP (tos 0x0, ttl 43, id 42852, offset 0, flags [none], proto: UDP (17), length: 32) 15.205.231.92.63002 > 68.68.27.40.18287: UDP, length 0
0x0000: 4500 0020 a764 0000 2b11 91d3 0fcd e75c E....d..+......\
0x0010: 4444 1b28 f61a 476f 0008 0000 0000 0000 DD.(..Go........
0x0020: 0000 0000 0000 0000 0000 0000 0000
It's a spoofed DoS attack, with random source IPs to random destination ports, exhausting the udp ports our server application needs. 这是一种欺骗性的DoS攻击,将随机的源IP随机发送到随机的目标端口,耗尽了服务器应用程序所需的udp端口。 I want to block the packet according to the highlighted parts of the tcp dump, namely UDP length:32 + length 0 at the end. 我想根据tcp转储的突出显示部分来阻止数据包,即UDP长度:32 +末尾的长度0。 Is that possible? 那可能吗?
Or is it possible to block the packets by the hex-string in the dump? 还是可以通过转储中的十六进制字符串阻止数据包?
Thank you kindly, Floyd 谢谢你,弗洛伊德
1 个解决方案
解决方案1
0 2012-03-02 06:24:40
The IPTables have a u32 module to test whether quantities of up to 4 bytes extracted from a packet have specified values. IPTable具有u32模块,用于测试从数据包提取的最多4个字节的数量是否具有指定值。 You might be able to test the packet is DoS attachek or not. 您也许可以测试数据包是否为DoS Attachek。 Below is an example: 下面是一个示例:
iptables -A INPUT -j DROP -m u32 --u32 "16 & 0xFFFF = 0x4444"
See manpage of iptables (you should use man iptables on your environment) for more detail. 有关更多详细信息,请参见iptables的联机帮助页 (您应该在环境中使用man iptables )。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.