Hi,
My child was playing fortnite last night when another kid in the lobby
threatened to DDOS him, I was skeptical but it turns out he could. I
guess there is software available to show the IP address of who is in
the same lobby.
98.139.130.248 DST=203.217.21.161 LEN=468 TOS=0x00 PREC=0x00 TTL=245
ID=43957 PROTO=UDP SPT=123 DPT=40765 LEN=448
Sep 19 17:43:45 localhost kernel: [14663181.301118]
Shorewall:net-fw:DROP:IN=eth0 OUT=
MAC=40:16:7e:70:b3:8d:a4:6c:2a:78:e5:d4:08:00 SRC= 98.139.130.248
DST=me.me.me.me LEN=468 TOS=0x00 PREC=0x00 TTL=245 ID=43958 PROTO=UDP
SPT=123 DPT=40765 LEN=448
Sep 19 17:43:45 localhost kernel: [14663181.301374]
Shorewall:net-fw:DROP:IN=eth0 OUT=
MAC=40:16:7e:70:b3:8d:a4:6c:2a:78:e5:d4:08:00 SRC= 98.139.130.248
DST=me.me.me.me LEN=468 TOS=0x00 PREC=0x00 TTL=245 ID=43959 PROTO=UDP
SPT=123 DPT=40765 LEN=448
Sep 19 17:43:45 localhost kernel: [14663181.301563]
Shorewall:net-fw:DROP:IN=eth0 OUT=
MAC=40:16:7e:70:b3:8d:a4:6c:2a:78:e5:d4:08:00 SRC= 98.139.130.248
DST=me.me.me.me LEN=468 TOS=0x00 PREC=0x00 TTL=245 ID=43960 PROTO=UDP
SPT=123 DPT=40765 LEN=448
Sep 19 17:43:45 localhost kernel: [14663181.303184]
Shorewall:net-fw:DROP:IN=eth0 OUT=
MAC=40:16:7e:70:b3:8d:a4:6c:2a:78:e5:d4:08:00 SRC= 98.139.130.248
DST=me.me.me.me LEN=468 TOS=0x00 PREC=0x00 TTL=245 ID=43961 PROTO=UDP
SPT=123 DPT=40765 LEN=448
This flood had many thousands of packets per second, went on for maybe
10 minutes.
Is there a mechanism in shorewall to prevent this particular attack ?
My first thought was rate limiting, but perhaps there are other security
measures available ?
--
Best Regards,
Richard Hatherly
Ritech Computing Services
0411 459 507
--
Best Regards,
Richard Hatherly
Ritech Computing Services
0411 459 507
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users