
I am setting up anti-DDoS iptables rules on a Kali Linux VM for a class. I have tried two methods, one being just the iptables -A INPUT -p tcp --syn -m limit --limit 1/s --limit-burst 3 -j RETURN rule and the other using the bash file from here https://github.com/xenvn/iptables-ddos-protect/blob/main/rules.sh. Both times I used a Python script to test that looked like this:


from scapy.all import IP, TCP, send  # import missing from the pasted snippet

target_ip = "127.0.0.1"
target_port = 80

# Bare SYN to the target port; the source address is filled in by the local stack
syn_packet = IP(dst=target_ip) / TCP(dport=target_port, flags="S")

# 10,000 SYNs, 0.1 ms apart
send(syn_packet, count=10000, inter=0.0001)

After setting up the rules and then running the script, I used the sudo iptables -L -v -n command to see which rules got hits. In each case, the rules came back with 0 results, so I am not sure if it's that the rules aren't working or if testing using the loopback address doesn't work. What am I doing wrong?

EDIT: I added another rule to enable logging and made the file in /var/log. Running the sudo tail -f /var/log/iptables.log command is producing the following output:

┌──(kali㉿kali)-[~]
└─$ sudo tail -f /var/log/iptables.log
May  5 17:43:09 kali kernel: [   77.295500] Monitor 0 (w,h)=(1920,944) (x,y)=(0,0)
May  5 17:43:09 kali kernel: [   77.295862] Sending monitor positions (8 of them)  to the host: VINF_SUCCESS
May  5 17:43:09 kali kernel: [   77.295918] RRScreenChangeNotify event received
May  5 17:43:09 kali kernel: [   77.296002] Monitor 0 (w,h)=(1920,944) (x,y)=(0,0)
May  5 17:43:09 kali kernel: [   77.296082] Sending monitor positions (8 of them)  to the host: VINF_SUCCESS
May  5 17:43:09 kali kernel: [   77.296132] RRScreenChangeNotify event received
May  5 17:43:09 kali kernel: [   77.296754] Monitor 0 (w,h)=(1920,944) (x,y)=(0,0)
May  5 17:43:09 kali kernel: [   77.297478] Sending monitor positions (8 of them)  to the host: VINF_SUCCESS
May  5 17:45:49 kali kernel: [  237.350100] device lo entered promiscuous mode
May  5 17:45:50 kali kernel: [  238.332596] device lo left promiscuous mode
^C
  • The log snippet you showed is probably related to the graphical environment and has nothing to do with iptables. // So, after executing your first rule (with limit match) iptables -L showed nothing? That's very strange. Were there any error messages when you were executing the rule? Also, try iptables-save to view the setup of the firewall; iptables -L seems to hide details sometimes. Commented May 6 at 8:18
  • No, there were no error messages and the actual rules were there when I did iptables -L, just no hits or too few hits to have actually worked, since the script would send around 7k packets but the rule would only have 10 hits on it. Would it being a VM and using the loopback address be causing this maybe, since it isn't actually crossing a port? Commented May 8 at 1:47
  • No, a VM is no different from a hardware system in this case. Commented May 8 at 4:37
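The behaviour the comments describe (roughly ten hits on the limit rule for thousands of SYNs) is what a `-m limit` rule does by design. The following is an added example, not code from the question or from the linked rules.sh: a small Python model of netfilter's limit match as a token bucket, run through the question's single-rule INPUT chain and through a corrected two-rule chain. It assumes integer microsecond timings, a constructed packet schedule that mirrors count=10000, inter=0.0001, and illustrative rule labels and function names; it models the kernel's behaviour rather than calling iptables.

```python
from typing import Dict, List, Optional, Tuple

MICRO = 1_000_000  # one token expressed in micro-tokens; integer arithmetic avoids float drift


class LimitMatch:
    """Token-bucket model of `-m limit --limit RATE/s --limit-burst BURST`.

    The bucket starts full (BURST tokens) and refills continuously at RATE tokens
    per second. A packet MATCHES only when a whole token is available to spend;
    a packet that finds the bucket empty does not match and falls through to the
    next rule. Assumed simplification: RATE is an integer per second and packet
    times are integer microseconds.
    """

    def __init__(self, rate_per_s: int, burst: int) -> None:
        self.rate_per_s = rate_per_s
        self.capacity = burst * MICRO
        self.credit = self.capacity  # bucket is full when the rule is inserted
        self.last_us = 0

    def matches(self, now_us: int) -> bool:
        # RATE tokens per second is exactly RATE micro-tokens per microsecond.
        self.credit = min(self.capacity, self.credit + (now_us - self.last_us) * self.rate_per_s)
        self.last_us = now_us
        if self.credit >= MICRO:
            self.credit -= MICRO
            return True
        return False


class Rule:
    """One INPUT rule: an optional limit match plus a target. `hits` is the pkts counter."""

    def __init__(self, spec: str, target: str, limit: Optional[LimitMatch] = None) -> None:
        self.spec = spec      # illustrative label for the report only
        self.target = target  # ACCEPT, DROP or RETURN
        self.limit = limit
        self.hits = 0


def run_chain(rules: List[Rule], policy: str, packet_times_us: List[int]) -> Dict[str, int]:
    """Push every SYN through the chain model and count the final verdicts."""
    verdicts = {"ACCEPT": 0, "DROP": 0}
    for t in packet_times_us:
        verdict = None
        for rule in rules:
            if rule.limit is not None and not rule.limit.matches(t):
                continue      # bucket empty: this rule does not match, try the next one
            rule.hits += 1    # the pkts counter increments only on a match
            verdict = rule.target
            break
        # No matching rule, or RETURN from a built-in chain: the chain policy decides.
        if verdict in (None, "RETURN"):
            verdict = policy
        verdicts[verdict] += 1
    return verdicts


def syn_flood(count: int = 10000, inter_us: int = 100) -> List[int]:
    """Constructed schedule mirroring `send(syn_packet, count=10000, inter=0.0001)`: one SYN every 100 us."""
    return [i * inter_us for i in range(count)]


def original_ruleset() -> List[Rule]:
    # iptables -A INPUT -p tcp --syn -m limit --limit 1/s --limit-burst 3 -j RETURN   (policy ACCEPT)
    return [Rule("tcp --syn limit: avg 1/sec burst 3 -> RETURN", "RETURN", LimitMatch(1, 3))]


def corrected_ruleset() -> List[Rule]:
    # iptables -A INPUT -p tcp --syn -m limit --limit 1/s --limit-burst 3 -j ACCEPT
    # iptables -A INPUT -p tcp --syn -j DROP
    return [
        Rule("tcp --syn limit: avg 1/sec burst 3 -> ACCEPT", "ACCEPT", LimitMatch(1, 3)),
        Rule("tcp --syn -> DROP", "DROP"),
    ]


def simulate(rules: List[Rule], policy: str = "ACCEPT",
             packets: Optional[List[int]] = None) -> Tuple[Dict[str, int], List[Tuple[str, int]]]:
    """Return (verdict counts, per-rule hit counters), i.e. what `iptables -L INPUT -v -n` would show."""
    packets = syn_flood() if packets is None else packets
    verdicts = run_chain(rules, policy, packets)
    return verdicts, [(r.spec, r.hits) for r in rules]


if __name__ == "__main__":
    for label, rules in (("original", original_ruleset()), ("corrected", corrected_ruleset())):
        verdicts, counters = simulate(rules)
        print(f"{label}: {verdicts}")
        for spec, hits in counters:
            print(f"  pkts={hits:6d}  {spec}")
```

Two things fall out of the model. First, the limit rule's pkts counter counts only the packets the token bucket let through (the burst of 3 plus one per second afterwards), so a flood of 10,000 SYNs sent in one second leaves it at a single-digit value no matter how many packets arrived; the excess simply does not match that rule. Second, RETURN in a built-in chain such as INPUT hands the packet to the chain policy, which defaults to ACCEPT, so with the single-rule setup every SYN is accepted and the 9,997 unmatched packets show up in no counter at all. With the limit rule targeting ACCEPT and a following `-p tcp --syn -j DROP`, the excess becomes visible as hits on the DROP rule, which is the number to watch when checking whether the protection fires.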
