Last active
February 28, 2020 16:53
-
-
Save Saren-Arterius/a4a203e6840ec5e83096 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # This script should be run by a DDoS protected server | |
| REMOTE_DOMAIN="vulnerable-minecraft-server.domain" | |
| PROTECTOR_PORT=8080 | |
| PROTECTED_PORT=25565 | |
| echo Fetching IPs... | |
| PROTECTOR_IP=$(ip a | grep inet | awk 'FNR == 3 {print $2}' | sed 's/\/[0-9]\{1,\}//g') | |
| PROTECTED_IP=$(dig ${REMOTE_DOMAIN} | grep ${REMOTE_DOMAIN} | awk 'FNR == 3 {print $5}') | |
| echo Resetting... | |
| #sudo systemctl restart iptables | |
| sudo service iptables restart | |
| sudo modprobe -r ip_gre | |
| echo Setting up... | |
| sudo sysctl net.ipv4.ip_forward=1 | |
| sudo iptables -I INPUT -p gre -s $PROTECTED_IP -j ACCEPT | |
| sudo ip tunnel add gre1 mode gre local $PROTECTOR_IP remote $PROTECTED_IP ttl 255 | |
| sudo ip addr add 192.168.168.1/24 dev gre1 | |
| sudo ip link set gre1 up | |
| sudo iptables -t nat -A PREROUTING -p tcp -m tcp -d $PROTECTOR_IP --dport $PROTECTOR_PORT -j DNAT --to 192.168.168.2:$PROTECTED_PORT | |
| sudo iptables -t nat -A POSTROUTING -s 192.168.168.0/24 ! -o gre+ -j SNAT --to $PROTECTOR_IP | |
| sudo iptables -I FORWARD -s 192.168.168.0/24 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT | |
| sudo iptables -I FORWARD -d 192.168.168.0/24 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT | |
| echo Testing... | |
| echo | |
| echo Expected: open | |
| nmap 192.168.168.2 -n -p $PROTECTED_PORT -Pn | |
| echo | |
| echo Expected: filtered | |
| nmap $REMOTE_DOMAIN -n -p $PROTECTED_PORT -Pn |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment