Hi,

My child was playing fortnite last night when another kid in the lobby threatened to DDOS him, I was skeptical but it turns out he could. I guess there is software available to show the IP address of who is in the same lobby.

98.139.130.248 DST=203.217.21.161 LEN=468 TOS=0x00 PREC=0x00 TTL=245 ID=43957 PROTO=UDP SPT=123 DPT=40765 LEN=448 Sep 19 17:43:45 localhost kernel: [14663181.301118] Shorewall:net-fw:DROP:IN=eth0 OUT= MAC=40:16:7e:70:b3:8d:a4:6c:2a:78:e5:d4:08:00 SRC= 98.139.130.248 DST=me.me.me.me LEN=468 TOS=0x00 PREC=0x00 TTL=245 ID=43958 PROTO=UDP SPT=123 DPT=40765 LEN=448 Sep 19 17:43:45 localhost kernel: [14663181.301374] Shorewall:net-fw:DROP:IN=eth0 OUT= MAC=40:16:7e:70:b3:8d:a4:6c:2a:78:e5:d4:08:00 SRC= 98.139.130.248 DST=me.me.me.me LEN=468 TOS=0x00 PREC=0x00 TTL=245 ID=43959 PROTO=UDP SPT=123 DPT=40765 LEN=448 Sep 19 17:43:45 localhost kernel: [14663181.301563] Shorewall:net-fw:DROP:IN=eth0 OUT= MAC=40:16:7e:70:b3:8d:a4:6c:2a:78:e5:d4:08:00 SRC= 98.139.130.248 DST=me.me.me.me LEN=468 TOS=0x00 PREC=0x00 TTL=245 ID=43960 PROTO=UDP SPT=123 DPT=40765 LEN=448 Sep 19 17:43:45 localhost kernel: [14663181.303184] Shorewall:net-fw:DROP:IN=eth0 OUT= MAC=40:16:7e:70:b3:8d:a4:6c:2a:78:e5:d4:08:00 SRC= 98.139.130.248 DST=me.me.me.me LEN=468 TOS=0x00 PREC=0x00 TTL=245 ID=43961 PROTO=UDP SPT=123 DPT=40765 LEN=448

This flood had many thousands of packets per second, went on for maybe 10 minutes.

Is there a mechanism in shorewall to prevent this particular attack ?

My first thought was rate limiting, but perhaps there are other security measures available ?

--
Best Regards,

Richard Hatherly
Ritech Computing Services
0411 459 507

--
Best Regards,

Richard Hatherly
Ritech Computing Services
0411 459 507



_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Reply via email to