Server software firewall cannot help with ddos attacks. Basically if those are indeed ddos attacks you’ll have to look into mitigation solutions which are quite expensive. CloudFlare won’t work as well since they do not support streaming. You should consider getting a server at a data center which provide ddos mitigation, I know that OVH’s mitigation is quite good. בתאריך יום ג׳, 5 ביוני 2018 ב-23:10 מאת Alejandro Flores <alex at mordormx.net>:> may be this url can help > > > https://icecast.imux.net/viewtopic.php?p=7084&sid=6ce1e17b6ad49e0a24be0e60b526f760 > > > " > [image: Post] > <https://icecast.imux.net/viewtopic.php?p=7579&sid=149783b084f48b41a22bfe472e82d97a#7579>Posted: > Mon Jan 29, 2007 12:14 pm Post subject: [image: Reply with quote] > <https://icecast.imux.net/posting.php?mode=quote&p=7579&sid=149783b084f48b41a22bfe472e82d97a> > ------------------------------ > These firewall rules (iptables) could help: > > *Code:* > iptables -A INPUT -p tcp --dport 8000 -m state --state NEW -m recent -i > eth0 --set --name ICECAST -j ACCEPT > iptables -A INPUT -p tcp --dport 8000 -m recent -i eth0 --update --seconds > 60 --hitcount 4 --rttl --name ICECAST -j LOG --log-prefix > "ICECAST_too_many_connections" > iptables -A INPUT -p tcp --dport 8000 -m recent -i eth0 --update --seconds > 60 --hitcount 4 --rttl --name ICECAST -j DROP > > This allows three connections within a minute by the same IP, the forth > will cause the IP to be blocked for another minute. > > > On Tue, Jun 5, 2018 at 3:07 PM, Victor Moreno <vitjam at gmail.com> wrote: > >> >> I ask because I only receive attacks when I activate icecast. I can not >> do anything at the application level ?. i used ubuntu server 16.04. >> thanks. >> >> 2018-06-05 14:52 GMT-05:00 Alejandro Flores <alex at mordormx.net>: >> >>> I think you should contact to your connectivity provider, hopefully they >>> can provide you the Anti DDOS protection. >>> >>> >>> On Tue, Jun 5, 2018 at 2:16 PM, Victor Moreno <vitjam at gmail.com> wrote: >>> >>>> Hi. >>>> >>>> I have a problem with the icecast. When I activate the service I am >>>> having an exesive consumption in the ip queries. It seems like a DDOS >>>> attack. How can I mitigate this attack? >>>> >>>> Thanks. >>>> >>>> >>>> _______________________________________________ >>>> Icecast mailing list >>>> Icecast at xiph.org >>>> http://lists.xiph.org/mailman/listinfo/icecast >>>> >>>> >>> >>> >>> -- >>> Alejandro Flores L. >>> LIA. CEH. VCP. >>> 5513998178 >>> >>> _______________________________________________ >>> Icecast mailing list >>> Icecast at xiph.org >>> http://lists.xiph.org/mailman/listinfo/icecast >>> >>> >> >> >> -- >> Victor Moreno >> Ingeniero Electrónico >> 3177684646 >> >> _______________________________________________ >> Icecast mailing list >> Icecast at xiph.org >> http://lists.xiph.org/mailman/listinfo/icecast >> >> > > > -- > Alejandro Flores L. > LIA. CEH. VCP. > 5513998178 > _______________________________________________ > Icecast mailing list > Icecast at xiph.org > http://lists.xiph.org/mailman/listinfo/icecast >-- Yahav Shasha, Web Developer +972-(0)549214421 http://www.linkedin.com/in/yahavs -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.xiph.org/pipermail/icecast/attachments/20180605/5943075a/attachment.html>
вт, 5 июн. 2018 г., 23:17 Yahav Shasha <yahav.shasha at gmail.com>:> Server software firewall cannot help with ddos attacks. >I wouldn't say that. If is about tcp syn or connect type of an attack, than those iptables rules + syn cookies in sysctl would help much. If it is kind of a udp flood than yes, you are right, nothing will help much, only services like cloudlare, but they are too expensive for saving online radio I guess. I would analyze, what type of an attack it is and if it is an udp flood then just move to another ip (if those are not hostname based attacks of course) -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.xiph.org/pipermail/icecast/attachments/20180606/be9d9d1e/attachment.html>
well, on a large enough scale, it won't matter even if the server drops them, it will clog the nic way before it even gets to the server.. On Wed, Jun 6, 2018 at 9:40 AM Roman <romeo.r at gmail.com> wrote:> > вт, 5 июн. 2018 г., 23:17 Yahav Shasha <yahav.shasha at gmail.com>: > >> Server software firewall cannot help with ddos attacks. >> > > I wouldn't say that. If is about tcp syn or connect type of an attack, > than those iptables rules + syn cookies in sysctl would help much. If it is > kind of a udp flood than yes, you are right, nothing will help much, only > services like cloudlare, but they are too expensive for saving online radio > I guess. I would analyze, what type of an attack it is and if it is an udp > flood then just move to another ip (if those are not hostname based attacks > of course) > _______________________________________________ > Icecast mailing list > Icecast at xiph.org > http://lists.xiph.org/mailman/listinfo/icecast >-- Yahav Shasha, Web Developer +972-(0)549214421 http://www.linkedin.com/in/yahavs -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.xiph.org/pipermail/icecast/attachments/20180606/6a91f1ce/attachment-0001.html>