tag:blogger.com,1999:blog-8623811450826211059.post4600054424397898592..comments2022-10-26T06:35:08.831-07:00Comments on DNS Amplification Attacks Observer: Domain: Edelion.sudnsamplificationattackshttp://www.blogger.com/profile/01320145168822507091noreply@blogger.comBlogger1125tag:blogger.com,1999:blog-8623811450826211059.post-59727226002418224292013-08-21T15:25:29.876-07:002013-08-21T15:25:29.876-07:00Seen this attack a lot today. My solution:
#!/bin...Seen this attack a lot today. My solution:<br /><br />#!/bin/bash<br />if [ "$1" != "" ]; then<br /> iptables -t raw -I PREROUTING -p udp --destination-port 53 -m string --algo kmp --from 30 --hex-string "|$1|" -j DROP<br />else<br /> echo "$0 HEXDUMPSTRING"<br /> echo "Localize hexstring at line 0030 containing unwanted query: tshark -i eth0 host port 53 -x "<br />fi<br />echo; echo;<br />echo "Existing DENY rules regler"<br />echo "-------------------------------------"<br />iptables -t raw -L -n<br />Drammen Bueskytterehttps://www.blogger.com/profile/05882053738300028158noreply@blogger.com