Blue Team Defense

Rio Weber in dfclub
Feb 20, 2017 · 1 min read

Notes from BCDC. Quick How To guide.


Firewall Rules

Ubuntu Linux

Block incoming SSH (TCP port 22)

iptables -A INPUT -p tcp --dport 22 -j DROP

Flush iptables Rules

iptables -F

Block IP Address

iptables -A INPUT -s IP_ADDRESS_TO_BLOCK -j DROP

Delete a rule based on its number in iptables

iptables -D INPUT RULE_NUMBER

Insert a DROP rule for a specific IP address at a given rule number

iptables -I INPUT RULE_NUMBER -s IP_ADDRESS -j DROP

Linux Blue Team Process

From Scratch

List all running processes. (exit with “q”)

$ top

See what services are running (pipe to less). In the output, [ + ] = running, [ - ] = stopped, [ ? ] = unknown

service --status-all | less

DDOS Attack — limit one host to 20 connections to port 80

iptables -I INPUT -p tcp --dport 80 -m connlimit --connlimit-above 20 --connlimit-mask 32 -j DROP

(The mask is a prefix length: 32 means the limit applies per single IPv4 host, and iptables rejects values above 32 for IPv4.)
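As an added example (not from the original post), a small POSIX shell helper for two of the steps above: it finds the rule number to hand to `iptables -D INPUT` for a blocked address, emits the deletions highest number first so renumbering does not shift the target, and builds the port-80 connection-limit rule while rejecting a mask outside IPv4's 0-32 range. The rule listing is a constructed sample in the shape of `iptables -L INPUT -n --line-numbers`; `SAMPLE_RULES`, `rule_numbers_for_ip`, `delete_commands_for_ip` and `connlimit_rule` are names assumed here.

```shell
#!/bin/sh
# Added example, not from the original post. No iptables call is made; the
# functions read a listing on stdin and print the commands to run.

# Constructed sample of `iptables -L INPUT -n --line-numbers` output.
SAMPLE_RULES='Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22
2    DROP       all  --  203.0.113.5          0.0.0.0/0
3    DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:80 #conn src/32 > 20
4    DROP       tcp  --  203.0.113.5          0.0.0.0/0            tcp dpt:22'

# Print the numbers of DROP rules whose source column is exactly $1.
# Columns: num target prot opt source destination ...
rule_numbers_for_ip() {
  awk -v ip="$1" '$2 == "DROP" && $5 == ip { print $1 }'
}

# Emit "iptables -D INPUT <num>" for every matching rule, highest number
# first: deleting a low-numbered rule renumbers the rules after it, so
# deleting top-down would remove the wrong rule on the second pass.
delete_commands_for_ip() {
  rule_numbers_for_ip "$1" | sort -rn | awk '{ print "iptables -D INPUT " $1 }'
}

# Build the per-host connection-limit rule for port $1, limit $2, mask $3
# (default 32 = one IPv4 host). Masks outside 0..32 are rejected, since
# iptables (IPv4) refuses them; 128 is only meaningful for ip6tables.
connlimit_rule() {
  port="$1"; limit="$2"; mask="${3:-32}"
  case "$mask" in
    ''|*[!0-9]*) return 1 ;;
  esac
  [ "$mask" -le 32 ] || return 1
  printf 'iptables -I INPUT -p tcp --dport %s -m connlimit --connlimit-above %s --connlimit-mask %s -j DROP\n' \
    "$port" "$limit" "$mask"
}

# Stand-alone demo: deletions for the sample listing, then the port-80 rule.
printf '%s\n' "$SAMPLE_RULES" | delete_commands_for_ip 203.0.113.5
connlimit_rule 80 20
```

On a live host, replace the sample with the real listing: `iptables -L INPUT -n --line-numbers | delete_commands_for_ip 203.0.113.5`, review the printed commands, then run them.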

dfclub

Bloomsburg University Digital Forensics Club.
