IPtables-GUI.net
IPtables-BlackList.net
IPtables-BL.net


  • 4 Simple Steps for DDoS Mitigation

    • Assumptions =
    • Capture all incoming and outgoing packets on the network
      • /usr/local/gigEnn/bin/iptables-gui.capture.sh

    • Automatically determine port being used for each connection
      • /usr/local/gigEnn/bin/iptables-gui -data

    • Automatically TARPIT incoming DDoS attacks using IPtables
      • /usr/local/gigEnn/bin/iptables-gui -add
      • You must auto-magically resolve the cause of your Bandwidth usage and/or DDoS problem
      • you could be getting millions of packets per second
      • you could be attacked from thousands of source addresses

    • Periodically View the Network Performance
      • /usr/local/gigEnn/bin/iptables-gui -load
          -- or --
      • firefox http://localhost/cgi-bin/IPtables-GUI.pl


  • "DDoS Attackers on the Internet" === you CANNOT Stop-Block-Prevent-Restrict-Limit the incoming DDoS Attacks

  • [Diagram: DDoS attackers in Asia, the Americas and Europe, and the IPtables BlackList; http://en.wikipedia.org/wiki/Niagara_Falls]




    • IPtables-GUI uses the output of Bandwidth-Hogs.net

      • Hourly/Daily Text Based Incoming traffic data from Bandwidth-Hogs.net
        • Hourly text data == /home/apache/html/Stats/Year/Month/Date/Hour/IN.*.txt
        • Minute text data == /home/apache/html/Stats/Year/Month/Date/Hour/MM/IN.*.txt

      • iptables needs to know what/which incoming or outgoing traffic to block

    • IPtables-GUI requires IPtables with TARPIT support for better DDoS protection performance

    • IPtables-GUI definition for DDoS attackers
      • Mail Servers allow connections to port 25 -- ALL other connection attempts are DDoS attackers
      • DNS Servers allow connections to port 53 -- ALL other connection attempts are DDoS attackers
      • Web Servers allow connections to port 80 -- ALL other connection attempts are DDoS attackers
      • -- etc --

      • TCP-based DDoS attacks should be TARPIT'd, which forces the attackers to pay a penalty for attacking the servers
        • dropping, rejecting or logging the connection does NOT solve the DDoS problem

      • ARP-based and ICMP-based and UDP-based DDoS attacks are trickier to mitigate

    • IPtables-GUI will only ADD or DELETE to the IPtables BlackList ddos attacker chain
      • next generation version will automatically expire the DDoS attacker

    • IPtables-GUI can manually or automatically ADD the "bandwidth hog" into the iptables BlackList
      • bandwidth hogs and DDoS attackers can be added/tarpit'd per minute ( lots of data )
      • bandwidth hogs and DDoS attackers can be added/tarpit'd per hour
      • bandwidth hogs and DDoS attackers can be added/tarpit'd per day
        • daily updates might be too late .. DDoS attacks usually last a few hours
        • low volume (under the radar) attacks continue for weeks

    • IPtables-GUI can manually or automatically DELETE un-used rules older than 7 days
      • iptables rules with zero count value
      • iptables rules that haven't matched in the past 30 days ( "aged" inactive rules )
      • you'd want to minimize the number of iptables rules

    • IPtables-GUI can be run in apache/cgi-bin or from the command line, cron or scripts

    • IPtables-GUI is supported on CentOS-7.2, Debian-Testing, Slackware-14.1, SuSE-TumbleWeed
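
The allowed-port definition and the TARPIT requirement in the list above, as an added example that is not IPtables-GUI code: a mail server allows port 25 and tarpits every other TCP attempt. The chain name `DDOS_BL` and the sample addresses are assumptions, and the script only prints commands.

```shell
#!/bin/sh
# Added example, not IPtables-GUI code: prints (never runs) iptables commands.
# Assumptions: chain name DDOS_BL is hypothetical; TARPIT is the xtables-addons
# target and only accepts TCP, so UDP/ICMP are left to other rules.

# valid_ipv4 ADDR: succeeds only for a plain dotted quad, octets 0-255.
valid_ipv4() {
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

# gen_rules "PORTS" < blacklist (one source IP per line)
gen_rules() {
    chain=DDOS_BL
    echo "iptables -N $chain"
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A INPUT -j $chain"      # blacklist is checked first
    while IFS= read -r ip; do
        # Only a bare address may reach a command line that runs as root.
        if ! valid_ipv4 "$ip"; then
            echo "rejected blacklist entry: $ip" >&2
            continue
        fi
        # Untracked, so a held connection costs the defender no conntrack state.
        echo "iptables -t raw -A PREROUTING -s $ip -p tcp -j CT --notrack"
        echo "iptables -A $chain -s $ip -p tcp -j TARPIT"
    done
    echo "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for port in $1; do
        case $port in ''|*[!0-9]*) continue ;; esac
        echo "iptables -A INPUT -p tcp --dport $port -j ACCEPT"
    done
    # Page's definition: any other TCP connection attempt is an attacker.
    echo "iptables -A INPUT -p tcp -j TARPIT"
}

# Constructed input: a mail server (port 25) and three candidate entries.
demo() {
    gen_rules "25" 2>/dev/null <<'EOF'
203.0.113.7
198.51.100.999
203.0.113.8 -j ACCEPT
EOF
}
demo
```

Only the first constructed entry produces rules; the malformed octet and the entry carrying extra options are rejected on stderr.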


  • Bandwidth-Hogs.net+IPtables-BlackList.net==DDoS-Mitigator.net
    • DDoS-Mitigator.net Software Only == Your Linux Server must satisfy these System Requirements
    • Order DDoS-Mitigator.net Appliance == IPtables + TARPIT == defend against DDoS attacks
      • $ 5,999 DDoS-OC3e 155Mbit/sec appliance == mini-ITX
      • $ 7,499 DDoS-OC3x 622Mbit/sec gigE appliance == mini-ITX
      • $ 12,999 DDoS-OC12 622Mbit/sec gigE appliance == 1U rackmount
      • $ 19,999 DDoS-OC48 2488Mbit/sec 10gigE appliance == 1U rackmount
      • $ email DDoS-OC192 9,952Mbit/sec 10gigE -- 100 gigE appliance == 1U rackmount
      • $ email DDoS-OC768 39,808Mbit/sec 40gigE -- 100 gigE appliance == 1U rackmount
      • $ email DDoS-OC3072 159,232Mbit/sec 160gigE == 4x40gigE appliance

    • Order DDoS-Simulator.net Appliance == simulate DDoS attackers
      • DDoS-Simulator.net can be either Linux-based or FreeBSD-based
      • packetcrafter.pl included with Linux-based DDoS-Mitigator.net appliances

    • Please Email us for any pre-sales support questions you may have



  • IPtables-GUI (in)Security

    • IPtables-GUI command-line users should follow the normal root security procedures

    • IPtables-GUI aka HTML-based admin of iptables rules requires additional tasks/restrictions
      • IPtables-GUI should be run by a user with sudo privileges
        • you will need to set up apache to be able to run sudo iptables ..
      • IPtables-GUI should be password protected

      • IPtables-GUI should keep a copy of changes ( transaction logs ) as it runs

      • these rules apply to any gui-based management of iptables

    IPtables-GUI Bandwidth Hogs == TCPdump Data Capture Mode

    • Bandwidth-Hogs.net

    • iptables-gui -tcpdump # capture incoming and outgoing packets

    • iptables-gui -data # convert SrcIP to DestIP into gnuplot/xplot data

    • iptables-gui -graph # convert SrcIP to DestIP into gnuplot bar graphs
    • Bandwidth Data - Graphs

    • Bandwidth Data - Text



    • IPtables-GUI Defending Against Incoming DDoS Attacks

      • Still under development ... not all features available

      • iptables-gui.pl .. semi-live Demo

      • manually or Automagically Tarpit Incoming DDoS attackers per minute or per day
      • manually or Automagically Remove old Incoming DDoS attackers over last 7 days

      • http://localhost/cgi-bin/iptables-gui.pl

      • iptables-gui -check # check your basic IPtable rule set for "missing rules"

      • iptables-gui -create # create example DDoS firewall

      • iptables-gui -view # show list of IPtable rules

      • iptables-gui -add # manually tarpit the incoming bandwidth hogs
      • iptables-gui -auto # automatically tarpit the incoming bandwidth hogs

      • iptables-gui -del 7 # delete iptable rules with zero counter value in last 7-days
      • iptables-gui -age 21 # delete iptable rules with no counter activity in last 21-days
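
One way to find candidates for the `-del` and `-age` clean-up above, as an added example that is not IPtables-GUI code: compare two `iptables-save -c` snapshots and list blacklist rules whose packet counter did not change. The chain name `DDOS_BL` is an assumption and the snapshot contents are constructed.

```shell
#!/bin/sh
# Added example, not IPtables-GUI code. Compares two `iptables-save -c`
# snapshots and prints (never runs) delete commands for blacklist rules whose
# packet counter did not move between them; a zero-count rule is the 0 -> 0 case.
# Assumption: the blacklist chain is named DDOS_BL (hypothetical name).

# stale_rules OLD_SNAPSHOT NEW_SNAPSHOT [CHAIN]
stale_rules() {
    awk -v chain="${3:-DDOS_BL}" '
        # Counter lines look like: [pkts:bytes] -A CHAIN rule-spec
        $1 ~ /^\[[0-9]+:[0-9]+\]$/ && $2 == "-A" && $3 == chain {
            split(substr($1, 2), c, ":")          # c[1] = packet count
            spec = $0
            sub(/^\[[0-9]+:[0-9]+\] -A [^ ]+ /, "", spec)
            if (FILENAME == ARGV[1]) { old[spec] = c[1]; next }
            # A rule missing from the old snapshot was added inside the
            # window, so it has not had its full grace period yet: keep it.
            if ((spec in old) && old[spec] == c[1])
                print "iptables -D " chain " " spec
        }
    ' "$1" "$2"
}

# Constructed snapshots taken 7 days apart (documentation addresses).
demo() {
    old=$(mktemp); new=$(mktemp)
    cat > "$old" <<'EOF'
*filter
:DDOS_BL - [0:0]
[120:7200] -A DDOS_BL -s 203.0.113.7/32 -p tcp -j TARPIT
[0:0] -A DDOS_BL -s 198.51.100.9/32 -p tcp -j TARPIT
[40:2400] -A DDOS_BL -s 198.51.100.77/32 -p tcp -j TARPIT
COMMIT
EOF
    cat > "$new" <<'EOF'
*filter
:DDOS_BL - [0:0]
[950:57000] -A DDOS_BL -s 203.0.113.7/32 -p tcp -j TARPIT
[0:0] -A DDOS_BL -s 198.51.100.9/32 -p tcp -j TARPIT
[40:2400] -A DDOS_BL -s 198.51.100.77/32 -p tcp -j TARPIT
[0:0] -A DDOS_BL -s 192.0.2.44/32 -p tcp -j TARPIT
COMMIT
EOF
    stale_rules "$old" "$new"
    rm -f "$old" "$new"
}
demo
```

The rule for 192.0.2.44 has a zero counter but is kept, because it does not appear in the older snapshot and so has not yet been observed for the full window.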



      Copyright © 1994-2016 Linux-Consulting All Rights Reserved. Updated: Tue Jul 19 23:58:52 2016 PDT