I ask because I only receive attacks when I activate icecast. I can not do anything at the application level ?. i used ubuntu server 16.04. thanks. 2018-06-05 14:52 GMT-05:00 Alejandro Flores <alex at mordormx.net>:> I think you should contact to your connectivity provider, hopefully they > can provide you the Anti DDOS protection. > > > On Tue, Jun 5, 2018 at 2:16 PM, Victor Moreno <vitjam at gmail.com> wrote: > >> Hi. >> >> I have a problem with the icecast. When I activate the service I am >> having an exesive consumption in the ip queries. It seems like a DDOS >> attack. How can I mitigate this attack? >> >> Thanks. >> >> >> _______________________________________________ >> Icecast mailing list >> Icecast at xiph.org >> http://lists.xiph.org/mailman/listinfo/icecast >> >> > > > -- > Alejandro Flores L. > LIA. CEH. VCP. > 5513998178 > > _______________________________________________ > Icecast mailing list > Icecast at xiph.org > http://lists.xiph.org/mailman/listinfo/icecast > >-- Victor Moreno Ingeniero Electrónico 3177684646 -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.xiph.org/pipermail/icecast/attachments/20180605/f603e1ed/attachment.html>
may be this url can help https://icecast.imux.net/viewtopic.php?p=7084&sid=6ce1e17b6ad49e0a24be0e60b526f760 " [image: Post] <https://icecast.imux.net/viewtopic.php?p=7579&sid=149783b084f48b41a22bfe472e82d97a#7579>Posted: Mon Jan 29, 2007 12:14 pm Post subject: [image: Reply with quote] <https://icecast.imux.net/posting.php?mode=quote&p=7579&sid=149783b084f48b41a22bfe472e82d97a> ------------------------------ These firewall rules (iptables) could help: *Code:* iptables -A INPUT -p tcp --dport 8000 -m state --state NEW -m recent -i eth0 --set --name ICECAST -j ACCEPT iptables -A INPUT -p tcp --dport 8000 -m recent -i eth0 --update --seconds 60 --hitcount 4 --rttl --name ICECAST -j LOG --log-prefix "ICECAST_too_many_connections" iptables -A INPUT -p tcp --dport 8000 -m recent -i eth0 --update --seconds 60 --hitcount 4 --rttl --name ICECAST -j DROP This allows three connections within a minute by the same IP, the forth will cause the IP to be blocked for another minute. On Tue, Jun 5, 2018 at 3:07 PM, Victor Moreno <vitjam at gmail.com> wrote:> > I ask because I only receive attacks when I activate icecast. I can not do > anything at the application level ?. i used ubuntu server 16.04. thanks. > > 2018-06-05 14:52 GMT-05:00 Alejandro Flores <alex at mordormx.net>: > >> I think you should contact to your connectivity provider, hopefully they >> can provide you the Anti DDOS protection. >> >> >> On Tue, Jun 5, 2018 at 2:16 PM, Victor Moreno <vitjam at gmail.com> wrote: >> >>> Hi. >>> >>> I have a problem with the icecast. When I activate the service I am >>> having an exesive consumption in the ip queries. It seems like a DDOS >>> attack. How can I mitigate this attack? >>> >>> Thanks. >>> >>> >>> _______________________________________________ >>> Icecast mailing list >>> Icecast at xiph.org >>> http://lists.xiph.org/mailman/listinfo/icecast >>> >>> >> >> >> -- >> Alejandro Flores L. >> LIA. CEH. VCP. >> 5513998178 >> >> _______________________________________________ >> Icecast mailing list >> Icecast at xiph.org >> http://lists.xiph.org/mailman/listinfo/icecast >> >> > > > -- > Victor Moreno > Ingeniero Electrónico > 3177684646 > > _______________________________________________ > Icecast mailing list > Icecast at xiph.org > http://lists.xiph.org/mailman/listinfo/icecast > >-- Alejandro Flores L. LIA. CEH. VCP. 5513998178 -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.xiph.org/pipermail/icecast/attachments/20180605/e2c47b49/attachment-0001.html>
Server software firewall cannot help with ddos attacks. Basically if those are indeed ddos attacks you’ll have to look into mitigation solutions which are quite expensive. CloudFlare won’t work as well since they do not support streaming. You should consider getting a server at a data center which provide ddos mitigation, I know that OVH’s mitigation is quite good. בתאריך יום ג׳, 5 ביוני 2018 ב-23:10 מאת Alejandro Flores <alex at mordormx.net>:> may be this url can help > > > https://icecast.imux.net/viewtopic.php?p=7084&sid=6ce1e17b6ad49e0a24be0e60b526f760 > > > " > [image: Post] > <https://icecast.imux.net/viewtopic.php?p=7579&sid=149783b084f48b41a22bfe472e82d97a#7579>Posted: > Mon Jan 29, 2007 12:14 pm Post subject: [image: Reply with quote] > <https://icecast.imux.net/posting.php?mode=quote&p=7579&sid=149783b084f48b41a22bfe472e82d97a> > ------------------------------ > These firewall rules (iptables) could help: > > *Code:* > iptables -A INPUT -p tcp --dport 8000 -m state --state NEW -m recent -i > eth0 --set --name ICECAST -j ACCEPT > iptables -A INPUT -p tcp --dport 8000 -m recent -i eth0 --update --seconds > 60 --hitcount 4 --rttl --name ICECAST -j LOG --log-prefix > "ICECAST_too_many_connections" > iptables -A INPUT -p tcp --dport 8000 -m recent -i eth0 --update --seconds > 60 --hitcount 4 --rttl --name ICECAST -j DROP > > This allows three connections within a minute by the same IP, the forth > will cause the IP to be blocked for another minute. > > > On Tue, Jun 5, 2018 at 3:07 PM, Victor Moreno <vitjam at gmail.com> wrote: > >> >> I ask because I only receive attacks when I activate icecast. I can not >> do anything at the application level ?. i used ubuntu server 16.04. >> thanks. >> >> 2018-06-05 14:52 GMT-05:00 Alejandro Flores <alex at mordormx.net>: >> >>> I think you should contact to your connectivity provider, hopefully they >>> can provide you the Anti DDOS protection. >>> >>> >>> On Tue, Jun 5, 2018 at 2:16 PM, Victor Moreno <vitjam at gmail.com> wrote: >>> >>>> Hi. >>>> >>>> I have a problem with the icecast. When I activate the service I am >>>> having an exesive consumption in the ip queries. It seems like a DDOS >>>> attack. How can I mitigate this attack? >>>> >>>> Thanks. >>>> >>>> >>>> _______________________________________________ >>>> Icecast mailing list >>>> Icecast at xiph.org >>>> http://lists.xiph.org/mailman/listinfo/icecast >>>> >>>> >>> >>> >>> -- >>> Alejandro Flores L. >>> LIA. CEH. VCP. >>> 5513998178 >>> >>> _______________________________________________ >>> Icecast mailing list >>> Icecast at xiph.org >>> http://lists.xiph.org/mailman/listinfo/icecast >>> >>> >> >> >> -- >> Victor Moreno >> Ingeniero Electrónico >> 3177684646 >> >> _______________________________________________ >> Icecast mailing list >> Icecast at xiph.org >> http://lists.xiph.org/mailman/listinfo/icecast >> >> > > > -- > Alejandro Flores L. > LIA. CEH. VCP. > 5513998178 > _______________________________________________ > Icecast mailing list > Icecast at xiph.org > http://lists.xiph.org/mailman/listinfo/icecast >-- Yahav Shasha, Web Developer +972-(0)549214421 http://www.linkedin.com/in/yahavs -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.xiph.org/pipermail/icecast/attachments/20180605/5943075a/attachment.html>