  1. #1

    DoS Help... I need a scripter for ....

    Greetings,

    I got DDoSed yesterday.. they ate 130GB of my bandwidth in like an hour hehe...

    Do you think someone could write me up a script that will monitor my bandwidth?

    I want the script to do this: if I use more than 10GB a day.. my server goes down..

    So if my server eats more than 10GB a day.. it will shut down..

    Thanks a lot
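
A daily traffic quota watchdog of the kind asked for above, as an added example that is not code from anyone in this thread. It reads the cumulative byte counters of one interface from /proc/net/dev, keeps a per-day baseline in a small state file (so reboots, which reset the counters, do not produce negative or inflated numbers), and runs an action once the day's total passes the limit. The interface name, the state file path and the action are assumptions; only the 10GB/day figure comes from the post.

```shell
#!/bin/sh
# Daily traffic quota watchdog. Added example, not code from anyone in this thread:
# it does what the first post asks for (count a day's traffic and act past a limit)
# in a form that can be run from cron every few minutes.
# Assumed values, not from the thread: the interface name, the state file path and
# the action to run.

IFACE="${IFACE:-eth0}"
QUOTA_BYTES="${QUOTA_BYTES:-10737418240}"          # 10 GiB/day, the limit asked for above
STATE_FILE="${STATE_FILE:-/var/run/bwquota.state}" # one line: "<YYYY-MM-DD> <baseline bytes>"
PROC_NET_DEV="${PROC_NET_DEV:-/proc/net/dev}"
# The post wants "shutdown -h now". The default here only logs, because powering
# off finishes the attacker's job for them; a null route or a rate limit on the
# offending sources keeps the box reachable. Set ACTION to whatever you decide on.
ACTION="${ACTION:-logger -t bwquota}"

# iface_bytes FILE IFACE -> prints "<rx_bytes> <tx_bytes>"; exit 1 if IFACE is absent.
# Old 2.4 kernels glue the name to the first counter ("eth0:12345 ..."), so the
# colon is turned into "colon space" before awk splits the fields.
iface_bytes() {
    awk -v ifc="$2" '
        { sub(/:/, ": ") }
        $1 == ifc ":" { print $2, $10; found = 1 }
        END { exit found ? 0 : 1 }
    ' "$1"
}

# daily_usage CURRENT_TOTAL STATE_FILE TODAY -> prints bytes used since TODAY began.
# The kernel counters are cumulative since boot, so the day's usage is current
# minus a baseline taken at the first run of the day. A current value below the
# baseline means the counters restarted (reboot), so counting restarts from zero.
daily_usage() {
    cur=$1; state=$2; today=$3
    saved_day=""; base=0
    if [ -r "$state" ]; then
        read -r saved_day base < "$state" || true
    fi
    base=${base:-0}
    if [ "$saved_day" != "$today" ]; then
        base=$cur
    elif [ "$cur" -lt "$base" ]; then
        base=0
    fi
    printf '%s %s\n' "$today" "$base" > "$state"
    echo $((cur - base))
}

# over_quota USED QUOTA -> exit 0 when USED >= QUOTA, 1 otherwise.
over_quota() {
    [ "$1" -ge "$2" ]
}

# check_quota: one cron run. Exit 0 under quota, 2 if ACTION fired, 1 on error.
check_quota() {
    counters=$(iface_bytes "$PROC_NET_DEV" "$IFACE") || {
        echo "bwquota: no interface $IFACE in $PROC_NET_DEV" >&2; return 1; }
    set -- $counters                                   # $1 = rx bytes, $2 = tx bytes
    used=$(daily_usage $(($1 + $2)) "$STATE_FILE" "$(date +%Y-%m-%d)")
    if over_quota "$used" "$QUOTA_BYTES"; then
        $ACTION "interface $IFACE: $used bytes today, quota $QUOTA_BYTES exceeded"
        return 2
    fi
    return 0
}

# Act only when started as "bwquota.sh run", so the functions can be sourced or tested.
if [ "${1:-}" = "run" ]; then
    check_quota
fi
```

A cron line such as `*/5 * * * * /usr/local/sbin/bwquota.sh run` is enough; the baseline is re-taken on the first run after midnight, so the count is per calendar day rather than per rolling 24 hours.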

  2. #2
    We are not allowed to respond to your request in this forum.
    * Rusko Enterprises LLC - Upgrade to 100% uptime today!
    * Premium NYC collocation and custom dedicated servers
    call 1-877-MY-RUSKO or paul [at] rusko.us

    dedicated servers, collocation, load balanced and high availability clusters

  3. #3
    Join Date: Oct 2002 | Location: Dublin | Posts: 17
    Part 1 Bastille + packet filtering install

    This tutorial should help you and fully guide you through installing Bastille on a server. Its rulesets have been set up for a web hosting company. This program will stop scans, packets and various other things. It will also mail you when you are scanned and allow you to block IPs easily.

    *************************************************************
    * A Basic guide for a webserver admin setting up Bastille *
    *************************************************************
    Installing Bastille Linux Firewall

    [[email protected] /root]# wget http://www.thomasoconnor.org/perl-Cu...05-10.i386.rpm
    [[email protected] /root]# wget http://www.thomasoconnor.org/Bastill...0-1.0.i386.rpm
    [[email protected] /root]# wget http://www.thomasoconnor.org/Bastill...0-1.0.i386.rpm
    [[email protected] /root]# rpm -ivh --nodeps perl-Curses-1.05-10.i386.rpm
    [[email protected] /root]# rpm -ivh Bastille-1.3.0-1.0.i386.rpm Bastille-Curses-module-1.3.0-1.0.i386.rpm
    [[email protected] /root]# rm -fr *.rpm
    [[email protected] /root]# InteractiveBastille

    (if that command does not work, use: /usr/sbin/InteractiveBastille)

    On the welcome screen type 'accept' and press [RETURN]. You must do this within two minutes otherwise the installation will abort. On the next screen choose 'next' then press [RETURN].

    Q: Would you like to set more restrictive permissions on the administration utilities?

    Choose 'yes', press [RETURN], select 'next' then press [RETURN] again.

    Q: Would you like to disable SUID status for mount/umount?

    Choose 'yes' then press [RETURN].

    Q: Would you like to disable SUID status for ping?

    Choose 'yes' then press [RETURN].

    Q: Would you like to disable SUID status for at?

    Choose 'yes' then press [RETURN].

    Q: Would you like to disable SUID status for the r-tools?

    Choose 'yes' then press [RETURN].

    Q: Would you like to disable SUID status for usernetctl?

    Choose 'yes' then press [RETURN].

    Q: Would you like to disable SUID status for traceroute?

    Choose 'yes' then press [RETURN].

    Q: Would you like to prohibit the clear-text r-protocols which trust IP addresses for authentication?

    Choose 'yes' then press [RETURN].

    Q: Would you like to enforce password aging?

    Choose 'no' then press [RETURN].

    Q: Would you like to restrict the use of cron to administrative accounts?

    Choose 'no' then press [RETURN].

    Q: Should we disallow root login on tty's 1-6?

    Choose 'yes' then press [RETURN].

    Q: Would you like to password-protect the LILO prompt?

    Choose 'no' then press [RETURN].

    Q: Would you like to reduce the LILO delay time to zero?

    Choose 'no' then press [RETURN].

    Q: Do you ever boot Linux from the hard drive?

    Choose 'yes' then press [RETURN].

    Q: Would you like to write the LILO changes to a boot floppy?

    Choose 'no' then press [RETURN].

    Q: Would you like to disable CTRL-ALT-DELETE rebooting?

    Choose 'no' then press [RETURN].

    Q: Would you like to password protect single-user mode?

    Choose 'no' then press [RETURN].

    Q: Would you like to set a default-deny on TCP Wrappers and xinetd?

    Choose 'no' then press [RETURN].

    Q: Should Bastille ensure the telnet service does not run on this system?

    Choose 'yes' then press [RETURN].

    Q: Should Bastille ensure the FTP service does not run on this system?

    Choose 'no' then press [RETURN].

    Q: Would you like to display "Authorized Use" messages at log-in time?

    Choose 'no' then press [RETURN].

    Q: Would you like to disable the gcc compiler?

    Choose 'no' then press [RETURN].

    Q: Would you like to put limits on system resource usage?

    Choose 'no' then press [RETURN].

    Q: Should we restrict console access to a small group of user accounts?

    Choose 'no' then press [RETURN].

    Q: Would you like to add additional logging?

    Choose 'yes' then press [RETURN]. This has enabled some additional logs: /var/log/kernel & /var/log/syslog. Press [TAB] to continue.

    Q: Do you have a remote logging host?

    Choose 'no' then press [RETURN]. Choose 'next' then again press [RETURN].

    Q: Would you like to disable apmd?

    Choose 'yes' then press [RETURN].

    Q: Would you like to disable GPM?

    Choose 'yes' then press [RETURN].

    Q: Would you like to deactivate the routing daemons?

    Choose 'yes' then press [RETURN].

    Q: Do you want to stop sendmail from running in daemon mode?

    Choose 'no' then press [RETURN].

    Q: Would you like to disable the VRFY and EXPN sendmail commands?

    Choose 'yes' then press [RETURN].

    Q: Would you like to chroot named and set it to run as a non-root user?

  4. #4
    Join Date: Oct 2002 | Location: Dublin | Posts: 17

    * theboxnetwork.net part 2

    Choose 'no' then press [RETURN].

    Q: Would you like to deactivate named, at least for now?

    Choose 'no' then press [RETURN].

    Q: Would you like to deactivate the Apache web server?

    Choose 'no' then press [RETURN].

    Q: Would you like to bind the web server to listen only to the localhost?

    Choose 'no' then press [RETURN].

    Q: Would you like to bind the web server to a particular interface?

    Choose 'no' then press [RETURN]. Choose 'next' and again press [RETURN].

    Q: Would you like to deactivate the following of symbolic links?

    Choose 'no' then press [RETURN].

    Q: Would you like to deactivate server-side includes?

    Choose 'no' then press [RETURN].

    Q: Would you like to disable CGI scripts, at least for now?

    Choose 'no' then press [RETURN].

    Q: Would you like to disable indexes?

    Choose 'no' then press [RETURN].

    Q: Would you like to disable printing?

    Choose 'yes' then press [RETURN].

    Q: Would you like to install TMPDIR/TMP scripts?

    Choose 'no' then press [RETURN].

    Q: Would you like to run the packet filtering script?

    Choose 'yes' then press [RETURN]. Choose 'next' and again press [RETURN].

    Q: Do you need the advanced networking options?

    Choose 'no' then press [RETURN].

    Q: DNS Servers: [0.0.0.0/0]

    Press [TAB], choose 'next' and press [RETURN].

    Q: Public interfaces: [eth+ ppp+ slip+]

    Press [TAB], choose 'next' and press [RETURN].

    Q: TCP services to audit: [telnet ftp imap pop3 finger sunrpc exec login linuxconf ssh]

    Press [TAB], choose 'next' and press [RETURN].

    Q: UDP services to audit: [31337]

    Press [TAB], choose 'next' and press [RETURN].

    Q: ICMP services to audit: [ ]

    Press [TAB], choose 'next' and press [RETURN].

    Q: TCP service names or port numbers to allow on public interfaces:[ ]

    Type '20 21 22 25 53 80 110 443 19638', press [TAB], choose 'next' then press [RETURN].

    Q: UDP service names or port numbers to allow on public interfaces:[ ]

    Type '53', press [TAB], choose 'next' then press [RETURN].

    Q: Force passive mode?

    Choose 'no' then press [RETURN].

    Q: TCP services to block: [2049 2065:2090 6000:6020 7100]

    Press [TAB], choose 'next' and press [RETURN].

    Q: UDP services to block: [2049 6770]

    Press [TAB], choose 'next' and press [RETURN].

    Q: ICMP allowed types: [destination-unreachable echo-reply time-exceeded]

    Press [TAB], choose 'next' and press [RETURN].

    Q: Enable source address verification?

    Choose 'yes' then press [RETURN].

    Q: Reject method: [DENY]

    Press [TAB], choose 'next' and press [RETURN].

    Q: Interfaces for DHCP queries: [ ]

    Press [TAB], choose 'next' and press [RETURN].

    Q: NTP servers to query: [ ]

    Press [TAB], choose 'next' and press [RETURN].

    Q: ICMP types to disallow outbound: [destination-unreachable time-exceeded]

    Press [TAB], choose 'next' and press [RETURN].

    Q: Should Bastille run the firewall and enable it at boot time?

    Choose 'yes' then press [RETURN].

    Q: Would you like to setup PSAD?

    Choose 'yes' then press [RETURN].

    Q: psad check interval: [15]

    Press [TAB], choose 'next' and press [RETURN].

    Q: Port range scan threshold: [1]

    Press [TAB], choose 'next' and press [RETURN].

    Q: Enable scan persistence?

    Choose 'yes' then press [RETURN].

    Q: Show all scan signatures?

    Choose 'yes' then press [RETURN].

    Q: Danger Levels: [5 50 1000 5000 10000]

    Press [TAB], choose 'next' and press [RETURN].

    Q: Enable email alerts?

    Choose 'yes' then press [RETURN].

    Q: Email addresses: [[email protected]]

    Replace '[email protected]' with your own email address, press [TAB], choose 'next' then press [RETURN].

    Q: Email alert danger level: [1]

    Press [TAB], choose 'next' and press [RETURN].

    Q: Alert on all new packets?

    Choose 'yes' then press [RETURN].

    Q: Enable automatic blocking of scanning IPs?

    Choose 'yes' then press [RETURN].

    Q: Auto blocking danger level: [5]

    Press [TAB], choose 'next' and press [RETURN].

    Q: Should Bastille enable psad at boot time? [N]

    Choose 'yes' then press [RETURN].

    Q: Do you want to implement the choices now or continue making choices?

    Choose 'yes' then press [RETURN], then press [TAB] and the installation will exit. At the command prompt, type the following commands:

    [[email protected] /root]# /sbin/service syslog restart[RETURN]
    [[email protected] /root]# /etc/rc.d/init.d/bastille-firewall start[RETURN]
    [[email protected] /root]# /etc/rc.d/init.d/psad start[RETURN]

    A newer version of PSAD (0.9.9) is available since Bastille Linux 1.3.0 was released which you will now install. Again, at the command prompt type:

    [[email protected] /root]# wget http://www.thomasoconnor.org/psad-0.9.9.tar.gz
    [[email protected] /root]# tar zxvf psad-0.9.9.tar.gz
    [[email protected] /root]# rm -f psad-0.9.9.tar.gz
    [[email protected] /root]# cd psad-0.9.9
    [[email protected] psad-0.9.9]# ./install.pl

    The install script will then prompt you with a few questions:

    Would you like to add a new string that will be used to analyze firewall log messages? (y/[n])?

    Press 'N' then [RETURN]

    Would you like alerts sent to a different address (y/n)?

    Press 'Y' then [RETURN]. Type in your email address then press [RETURN].

    Enable psad at boot time (y/n)?

    Press 'Y' then [RETURN]. The install script has completed, so now type:

    [[email protected] psad-0.9.9]# cd ..
    [[email protected] /root]# rm -fr psad-0.9.9



    Maintenance:

    In order for your firewall and reporting tools to remain effective, you need to regularly maintain the settings of IPTABLES and PSAD.
    Here are a few suggestions:

    If you are receiving PSAD alerts reporting IP addresses you know to be safe/friendly then, when you are connected to your server via SSH and logged in as root, type:

    [[email protected] psad-0.9.9]# pico /etc/psad/psad_auto_ips[RETURN]

    Scroll to the bottom of the file and add a line:

    xxx.xxx.xxx.xxx -1

    Where xxx.xxx.xxx.xxx is the safe/friendly IP address. Then to save the file press [CTRL-X], Y, then [RETURN]. Finally to restart PSAD, type:

    [[email protected] psad-0.9.9]# /sbin/service psad restart[RETURN]

    If on the other hand you are consistently scanned/attacked by a suspect IP address, do the same as above except replace the '-1' with '5'. They will be able to browse/use your site normally until they start a scan/attack at which point they will be completely blocked automatically. This is a better solution than initially blocking the IP completely as the IP address may be re-used by an innocent person who needs to access your server in the future.

  5. #5
    Join Date: Oct 2002 | Location: Dublin | Posts: 17
    I will install it for $25 once off for you. PM me if you are interested. I can also make it suit a shell provider and let you keep track of your customers and what ports they are using.

    Regards

  6. #6
    Join Date: Feb 2002 | Location: UK | Posts: 3,100
    Originally posted by Vline
    I will install it for $25 once off for you. PM me if you are interested. I can also make it suit a shell provider and let you keep track of your customers and what ports they are using.

    Regards
    Read the rules...

  7. #7
    Join Date: Feb 2002 | Posts: 1,926
    That Bastille howto is for Ensim, judging by the port numbers. I actually just made a post asking about the ports to keep open for use with CPanel (I mostly am wondering about the UDP port).
    Proud member of the RIAA closed quaters combat cell !!!
    You'd better drop that CD-R before I shoot you !!!

  8. #8
    Join Date: Aug 2002 | Location: London, UK | Posts: 9,037
    Yep that tutorial is pasted off the rackshack support forums - thinking of following it on a box later myself.
    Matt Wallis
    United Communications Limited
    High Performance Shared & Reseller | Managed VPS Cloud | Managed Dedicated
    UK www.unitedhosting.co.uk | US www.unitedhosting.com | Since 1998.

  9. #9
    Join Date: Oct 2002 | Location: Dublin | Posts: 17
    The tutorial is off unofficial support btw guys, then it was posted on the rackshack forums.

    I mailed you the signup details BioXshell regards for your pm.

  10. #10
    Join Date: Feb 2002 | Posts: 1,926
    LOL, this is fun:

    ------------------------------------------------------------------------------------
    iptables v1.2.4: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
    modprobe: Can't locate module ip_tables
    Perhaps iptables or your kernel needs to be upgraded.
    ------------------------------------------------------------------------------------

    First time this has happened to me when installing Bastille under Redhat and Ensim. The kernel installed is 2.4.19 (as per Ensim installation instructions). I'd upgrade it, but I'm afraid that might break Ensim.

    At least everything else is still working, it's only Bastille that won't start up.

    Maybe reinstalling mod_utils will take care of this?
    Last edited by Tazzman; 11-15-2002 at 09:27 AM.
    Proud member of the RIAA closed quaters combat cell !!!
    You'd better drop that CD-R before I shoot you !!!
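
A check for the failure quoted in the post above, as an added example that is not from anyone in this thread. The two iptables messages have distinct causes: "can't initialize iptables table `filter'" means the kernel currently has no ip_tables support loaded, and modprobe's "Can't locate module ip_tables" means there is no ip_tables object under /lib/modules/ for the running kernel, so there is nothing for the module tools to load. The function below tells the three cases apart by looking at /proc/net/ip_tables_names (present once ip_tables is compiled in or loaded) and at the module tree; the paths are parameters so it can be run against copies, and the module file names (ip_tables.o for 2.4, ip_tables.ko for 2.6 and later) are the standard ones.

```shell
#!/bin/sh
# Added example (not from the thread): classify why "iptables: can't initialize
# iptables table `filter'" happens. Paths are parameters so the check can run
# against a copy of /proc and /lib/modules; diagnose() uses the live system.

# netfilter_status RELEASE MODROOT PROCROOT -> prints one of:
#   loaded  - ip_tables is compiled in or already loaded (its table list is in /proc)
#   module  - an ip_tables object exists under MODROOT/RELEASE but is not loaded
#   missing - no ip_tables object for this kernel: the running kernel was built
#             without netfilter, so modprobe has nothing to find (exit status 1)
netfilter_status() {
    rel=$1; modroot=$2; procroot=$3
    if [ -r "$procroot/net/ip_tables_names" ]; then
        echo loaded; return 0
    fi
    if find "$modroot/$rel" -name 'ip_tables.o' -o -name 'ip_tables.o.gz' \
            -o -name 'ip_tables.ko' 2>/dev/null | grep -q .; then
        echo module; return 0
    fi
    echo missing; return 1
}

# diagnose: run the check against the running kernel and print the next step.
# Exit 0 only when ip_tables is usable right now.
diagnose() {
    rel=$(uname -r)
    st=$(netfilter_status "$rel" /lib/modules /proc) || true
    case $st in
        loaded)  echo "ip_tables is available; if iptables still fails, the userland binary does not match kernel $rel" ;;
        module)  echo "ip_tables is installed but not loaded: run 'modprobe ip_tables', then restart bastille-firewall" ;;
        missing) echo "kernel $rel ships no ip_tables module; reinstalling the module tools cannot create one, a kernel built with netfilter support is needed" ;;
    esac
    [ "$st" = loaded ]
}
```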
