View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0005398 | Networks | [All Projects] Special | public | 2022-05-23 13:11 | 2024-09-12 05:17 |
| Reporter | DigitalMy | ||||
| Priority | normal | Severity | minor | Reproducibility | have not tried |
| Status | assigned | Resolution | open | ||
| Summary | 0005398: block DDoS attacks to servers | ||||
| Description | Have got many of ping icmp from botnet every day password brute-force | ||||
| Tags | No tags attached. | ||||
|
|
Got hanging of router and crash page cgi-bin/luci/admin/status/realtime/connections service rpcd restart some DDOS going on router, suspected DNS ports (load reduced in case disable forwarding) shows many ICMP UDP TCP traffic |
|
|
Set OpenWRT firewall /cgi-bin/luci/admin/network/firewall/rules limit matching ICMP 2 packets per minute does not work first list "allow" rules, after list "drop" rules (bottom) added to wan zone in /etc/config/firewall option 'conntrack' '1' |
|
|
find ports to close netstat -tunpl have UDP 5678 online have dnsmasq on IPv6 |