
I've been googling for hours now but can't find a sure or helpful answer. I need to disable high-volume outgoing UDP from my server.

I'm trying to configure APF because of the RAB functionality, but fail because the module ipt_recent is not enabled. No luck with modprobe either.

modprobe: ERROR: ../libkmod/libkmod.c:507 kmod_lookup_alias_from_builtin_file() could not open builtin file '/lib/modules/3.13.0-042stab103.6/modules.builtin.bin'
modprobe: FATAL: Module ipt_recent not found.

I have installed Deflate, but it was before the attacks happened so it's probably not working.

Can someone point me in the right direction to either fix the ipt_recent module, or a completely different angle to deny the outgoing UDP flood?

MadHatter
Roboroads
  • What flavor of UDP flood? If it's DNS, then one solution might be to not offer recursion on the DNS server, or some nameservers now ship with rate throttling mechanisms. – thrig Sep 28 '15 at 14:16
  • http. The attacker used port 80 to flood. I've set up APF so UDP port 80 is not accessible anymore. – Roboroads Sep 29 '15 at 12:45
  • If the flood is coming from your server, then it is compromised and should be reinstalled. – André Borie Oct 06 '15 at 14:34
  • Is it a real VPS, or a mere container (and if the latter, is it by any chance OpenVZ)? – MadHatter Oct 06 '15 at 20:02

0 Answers