q3 engine getstatus ddos filter
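#!/bin/bash
# q3 engine getstatus ddos filter (iptables).

#######################################
# Count the commas in a string.
# The caller adds 1 to the result to get the number of entries in a
# comma-separated port list.
# Arguments: $1 - string to inspect (a missing argument counts as empty)
# Outputs:   the comma count, as a decimal number, on stdout
#######################################
numcommas() {
  # Delete every character that is not a comma; the length of what is left
  # is the number of commas.
  local commas_only="${1-}"
  commas_only="${commas_only//[^,]/}"
  printf '%s\n' "${#commas_only}"
}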
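# Stop at the first failing command or unset variable. Without this, a
# rejected rule (for example a --hitcount the kernel refuses) is skipped
# silently and the chain still ends in ACCEPT, so the filter looks installed
# while dropping nothing.
set -eu

# Positional arguments:
#   $1  UDP port, or comma-separated list of ports/ranges (default 27960)
#   $2  getstatus packets tolerated per port inside the window (default 5)
#   $3  window length in seconds (default 2)
PORTS=${1:-27960}
HITS_PER_PORT=${2:-5}
# Deliberately not called SECONDS: bash treats SECONDS as a timer, so the value
# read back later would be the assigned number plus the time elapsed since.
WINDOW_SECONDS=${3:-2}

# Validate before the values reach $(( )) or iptables. iptables needs root, and
# bash arithmetic evaluates whatever expression it is handed, so only plain
# decimal numbers and port lists are accepted.
readonly PORT_LIST_RE='^[0-9]+(:[0-9]+)?(,[0-9]+(:[0-9]+)?)*$'
readonly POSITIVE_INT_RE='^0*[1-9][0-9]*$'
if [[ ! ${PORTS} =~ ${PORT_LIST_RE} ]]; then
  printf 'invalid port list: %s\n' "${PORTS}" >&2
  exit 2
fi
if [[ ! ${HITS_PER_PORT} =~ ${POSITIVE_INT_RE} ]]; then
  printf 'hits must be a positive integer: %s\n' "${HITS_PER_PORT}" >&2
  exit 2
fi
if [[ ! ${WINDOW_SECONDS} =~ ${POSITIVE_INT_RE} ]]; then
  printf 'seconds must be a positive integer: %s\n' "${WINDOW_SECONDS}" >&2
  exit 2
fi

NUMPORTS=$(( $(numcommas "${PORTS}") + 1 ))
# 10# forces base 10 so that a leading zero is not read as octal.
# All listed ports share one "recent" table, so the budget scales with them.
# NOTE(review): xt_recent caps --hitcount (20 by default on older kernels,
# module parameter ip_pkt_list_tot); a larger product makes iptables refuse
# the DROP rule, which now aborts the script instead of being ignored.
HITS=$(( 10#${HITS_PER_PORT} * NUMPORTS ))
WINDOW_SECONDS=$(( 10#${WINDOW_SECONDS} ))

# Create the chain, or empty it when it already exists, so that a second run
# does not stack duplicate rules behind the first set.
iptables -N quake3_ddos 2>/dev/null || iptables -F quake3_ddos

# u32 offsets count from the start of the IPv4 header. 0x1c (28) is the first
# payload word after a 20-byte IP header and the 8-byte UDP header; Quake 3
# connectionless packets start with 0xffffffff. Everything else is game
# traffic and is accepted untouched.
# NOTE(review): the fixed offsets assume an IPv4 header without options, and
# only iptables (IPv4) is configured here; ip6tables is not touched.
iptables -A quake3_ddos -m u32 ! --u32 "0x1c=0xffffffff" -j ACCEPT

# Payload bytes 4..12 spell "getstatus" ("gets", "tatu", then 's' as the low
# byte of the word at 0x25). The rule has no target: it only records the
# source address in the "getstatus" list.
iptables -A quake3_ddos -m u32 \
  --u32 "0x20=0x67657473&&0x24=0x74617475&&0x25&0xff=0x73" \
  -m recent --name getstatus --set

# Drop once a source has reached HITS entries within the window. The list is
# keyed by source address, which for reflected traffic is the address the
# replies would be sent to, so this bounds the reply rate per target.
iptables -A quake3_ddos -m recent --update --name getstatus \
  --hitcount "${HITS}" --seconds "${WINDOW_SECONDS}" -j DROP
iptables -A quake3_ddos -j ACCEPT

# Send the game ports through the chain. multiport is only needed for lists.
if (( NUMPORTS == 1 )); then
  jump_rule=(-p udp --dport "${PORTS}" -j quake3_ddos)
else
  jump_rule=(-m multiport -p udp --dports "${PORTS}" -j quake3_ddos)
fi
# -C checks for an identical rule first, so reruns with the same ports do not
# insert the jump twice. A jump left over from a run with different ports is
# not removed here.
iptables -C INPUT "${jump_rule[@]}" 2>/dev/null \
  || iptables -I INPUT "${jump_rule[@]}"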
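How to run:
./block_q3dd 27960,27961 3 1
Syntax: ./block_q3dd <port | port,port,...> <hits> <seconds>
All three arguments are optional (defaults: port 27960, 5 hits, 2 seconds); the hit limit is multiplied by the number of ports given.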
SOURCE:
http://blog.alejandronolla.com/2013/06/24/amplification-ddos-attack-with-quake3-servers-an-analysis-1-slash-2/
http://blog.alejandronolla.com/2013/08/05/amplification-ddos-attack-with-quake3-servers-an-analysis-2-slash-2/