Moreover, if the attack arrives as SPAM email sent repeatedly and in large numbers, CPU and memory will certainly be consumed running SpamAssassin to process it.
So in this article the author would like to introduce how to stop these attacks at the outermost layer, in the kernel, using iptables. Because the block is done by iptables, our server's resources (CPU, memory) will not be used at all. When a request comes from an IP address on the spamhaus.org list of problem addresses, it is blocked directly by iptables. Our services therefore keep running normally, without interruption or additional burden.
Here is a short script that we can install on our server. The script is very simple: it first fetches the list of IP addresses registered at spamhaus.org (http://www.spamhaus.org/drop/drop.lasso) as addresses that are often problematic due to SPAM attacks, scanning or DoS.
```bash
#!/bin/bash
FILE="/tmp/drop.lasso"
URL="http://www.spamhaus.org/drop/drop.lasso"
echo ""
echo -n "Applying DROP list to existing firewall..."
# remove any stale copy of the list
[ -f "$FILE" ] && /bin/rm -f "$FILE" || :
cd /tmp
wget "$URL"
# flush the iptables policy
/sbin/iptables -F
# run the existing policy
./regular_rules
# keep the first field (the address block) of every non-comment line
blocks=$(cat "$FILE" | egrep -v '^;' | awk '{ print $1 }')
/sbin/iptables -N droplist
for ipblock in $blocks
do
    /sbin/iptables -A droplist -s "$ipblock" -j LOG --log-prefix "DROP List Block"
    /sbin/iptables -A droplist -s "$ipblock" -j DROP
done
/sbin/iptables -I INPUT -j droplist
/sbin/iptables -I OUTPUT -j droplist
/sbin/iptables -I FORWARD -j droplist
echo "...Done"
/bin/rm -f "$FILE"
```
regular_rules is a script that is run before the DROP list rules above are added. It contains the iptables policy we had in place before it was removed with the iptables -F command. Of course, if you do not have an existing policy in your iptables, the regular_rules line is not needed.
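The script above passes whatever wget saved straight to iptables, so a failed or altered download (the list is fetched over plain HTTP) can leave the droplist chain empty or filled with bad entries. The following is an added example, not part of the original script: it keeps only well-formed IPv4 blocks and builds an iptables-restore fragment so the chain is loaded in one commit. The function names `valid_blocks` and `build_restore`, the /8 minimum prefix and the sample list are assumptions made for this example.

```shell
#!/bin/sh
# Added example: vet drop.lasso entries before any of them reach iptables.

# Constructed sample in the drop.lasso layout ("; comment" lines and
# "CIDR ; reference" entries), using documentation address ranges.
SAMPLE='; Spamhaus DROP List (constructed sample)
192.0.2.0/24 ; SBL000001
198.51.100.0/25 ; SBL000002
203.0.113.999/24 ; SBL000003
0.0.0.0/0 ; SBL000004
<html><body>503 Service Unavailable</body></html>
'

# Print only well-formed IPv4 CIDR blocks from stdin, one per line.
valid_blocks() {
    awk '{
        if ($1 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\/[0-9]+$/) next
        split($1, p, "/"); split(p[1], o, ".")
        # Assumed policy: nothing broader than /8 may be blocked.
        if (p[2] + 0 < 8 || p[2] + 0 > 32) next
        for (i = 1; i <= 4; i++) if (o[i] + 0 > 255) next
        print $1
    }'
}

# Write an iptables-restore fragment for the droplist chain to stdout.
# Returns 1 when no entry survives, so a failed download changes nothing.
build_restore() {
    _blocks=$(valid_blocks)
    if [ -z "$_blocks" ]; then
        echo "no valid DROP entries; leaving firewall untouched" >&2
        return 1
    fi
    printf '%s\n' '*filter' ':droplist - [0:0]'
    for _b in $_blocks; do
        printf '%s\n' "-A droplist -s $_b -j LOG --log-prefix \"DROP List Block \""
        printf '%s\n' "-A droplist -s $_b -j DROP"
    done
    printf '%s\n' 'COMMIT'
}

# Dry run on the sample. On a real host (as root) the fragment would be fed to
#   build_restore < /tmp/drop.lasso | /sbin/iptables-restore --noflush
printf '%s' "$SAMPLE" | build_restore
```

Only the two valid sample blocks reach the generated rules; the bad octet, the 0.0.0.0/0 entry and the HTML error line are dropped before iptables sees them.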