How to block this DDoS?
Hello,
netstat -p
shows a lot of connections like:
tcp 0 0 45.102.235.65:http 212-185-55-113.static:51048 SYN_RECV -
tcp 0 0 45.102.235.65:http testbed210.hbs.net:cft-0 SYN_RECV -
tcp 0 0 45.102.235.65:http 212-185-55-196.static:56017 SYN_RECV -
tcp 0 0 45.102.235.65:http 212-185-55-113.static:50886 SYN_RECV -
tcp 0 0 45.102.235.65:http testbed210.hbs.net:1783 SYN_RECV -
tcp 0 0 45.102.235.65:http 212-185-55-206.static:36746 SYN_RECV -
tcp 0 0 45.102.235.65:http 212-185-55-225.static:35017 SYN_RECV -
tcp 0 0 45.102.235.65:http 212-185-55-10.static.:34768 SYN_RECV -
tcp 0 0 45.102.235.65:http 212-185-55-89.static.:36886 SYN_RECV -
tcp 0 0 45.102.235.65:http testbed210.hbs.net:ncpm-pm SYN_RECV -
tcp 0 0 45.102.235.65:http testbed210.hb:powerguardian SYN_RECV -
tcp 0 0 45.102.235.65:http 212-185-67-58.static.:56714 SYN_RECV -
tcp 0 0 45.102.235.65:http 212-185-55-10.static.:34007 SYN_RECV -
tcp 0 0 45.102.235.65:http 212-185-55-10.static.:34769 SYN_RECV -
tcp 0 0 45.102.235.65:http 212-185-55-10.static.:34710 SYN_RECV -
tcp 0 0 45.102.235.65:http 212-185-55-196.static:55674 SYN_RECV -
tcp 0 0 45.102.235.65:http 212-185-55-196.static:56463 SYN_RECV -
tcp 0 0 45.102.235.65:http server1.mrabyte2.com:54092 SYN_RECV -
tcp 0 0 45.102.235.65:http 212-185-67-58.static.:55961 SYN_RECV -
tcp 0 0 45.102.235.65:http 212-185-55-206.static:60098 SYN_RECV -
tcp 0 0 45.102.235.65:http 212-185-55-89.static.:36253 SYN_RECV -
tcp 0 0 45.102.235.65:http 212-185-67-58.static.:56686 SYN_RECV -
tcp 0 0 45.102.235.65:http 212-185-55-29.static.:59938 SYN_RECV -
tcp 0 0 45.102.235.65:http 212-185-55-29.static.:59745 SYN_RECV -
tcp 0 0 45.102.235.65:http 212-185-55-225.static:35181 SYN_RECV -
tcp 0 0 45.102.235.65:interwise host-197.35.29.77.ted:61777 ESTABLISHED -
tcp 0 0 45.102.235.65:interwise host-197.35.29.77.ted:61778 ESTABLISHED -
tcp 0 0 45.102.235.65:interwise host-197.35.29.77.ted:61771 ESTABLISHED -
tcp 0 0 45.102.235.65:interwise host-197.35.29.77.ted:61770 TIME_WAIT -
tcp 0 0 45.102.235.65:interwise host-197.35.29.77.ted:61773 ESTABLISHED -
tcp 0 0 45.102.235.65:interwise host-197.35.29.77.ted:61772 ESTABLISHED -
tcp 0 0 45.102.235.65:interwise host-197.35.29.77.ted:61765 TIME_WAIT -
tcp 199 0 ::ffff:45.102.235.65:http 212-185-55-113.static:55675 CLOSE_WAIT -
tcp 141 0 ::ffff:45.102.235.65:http 212-185-55-113.static:56443 CLOSE_WAIT -
tcp 206 0 ::ffff:45.102.235.65:http 212-185-55-113.static:56435 CLOSE_WAIT -
tcp 0 0 ::ffff:45.102.235.65:http 212-185-55-225.static:38685 ESTABLISHED -
tcp 0 0 ::ffff:45.102.235.65:http 212-185-55-89.static.:43103 ESTABLISHED -
tcp 0 0 ::ffff:45.102.235.65:http 212-185-55-113.static:49527 ESTABLISHED -
tcp 0 3357 ::ffff:45.102.235.65:http 212-185-67-58.static.:33825 LAST_ACK -
tcp 0 0 ::ffff:45.102.235.65:http 212-185-55-225.static:36879 ESTABLISHED -
tcp 0 0 ::ffff:45.102.235.65:http 212-185-55-113.static:54629 ESTABLISHED -
tcp 190 0 ::ffff:45.102.235.65:http 212-185-55-225.static:41481 CLOSE_WAIT -
tcp 0 0 ::ffff:45.102.235.65:http 212-185-55-225.static:36148 ESTABLISHED -
tcp 0 0 ::ffff:45.102.235.65:http 212-185-55-29.static.:37174 ESTABLISHED -
tcp 0 3357 ::ffff:45.102.235.65:http 212-185-55-29.static.:37430 LAST_ACK -
tcp 0 0 ::ffff:45.102.235.65:http 212-185-55-89.static.:41079 ESTABLISHED -
tcp 203 0 ::ffff:45.102.235.65:http 212-185-55-225.static:40240 CLOSE_WAIT -
tcp 0 0 ::ffff:45.102.235.65:http 212-185-55-29.static.:33316 ESTABLISHED -
tcp 0 0 ::ffff:45.102.235.65:http 212-185-55-29.static.:35873 ESTABLISHED -
tcp 0 0 ::ffff:45.102.235.65:http 212-185-55-29.static.:59938 ESTABLISHED -
tcp 0 0 ::ffff:45.102.235.65:http 212-185-67-58.static.:34056 ESTABLISHED -
tcp 0 0 ::ffff:45.102.235.65:http 212-185-55-29.static.:35880 ESTABLISHED -
tcp 177 0 ::ffff:45.102.235.65:http 212-185-67-58.static.:34060 CLOSE_WAIT -
tcp 0 0 ::ffff:45.102.235.65:http 212-185-55-113.static:56123 ESTABLISHED -
tcp 0 0 ::ffff:45.102.235.65:http 212-185-55-29.static.:38487 ESTABLISHED -
tcp 171 0 ::ffff:45.102.235.65:http 212-185-55-89.static.:44562 CLOSE_WAIT -
tcp 0 0 ::ffff:45.102.235.65:http 212-185-55-29.static.:37200 ESTABLISHED -
tcp 0 0 ::ffff:45.102.235.65:http 212-185-55-225.static:36703 ESTABLISHED -
tcp 0 0 ::ffff:45.102.235.65:http 212-185-67-58.static.:59513 ESTABLISHED -
tcp 214 0 ::ffff:45.102.235.65:http 212-185-55-29.static.:59743 CLOSE_WAIT -
tcp 0 0 ::ffff:45.102.235.65:http 212-185-55-29.static.:34399 ESTABLISHED -
tcp 196 0 ::ffff:45.102.235.65:http 212-185-55-225.static:43100 CLOSE_WAIT -
tcp 0 0 ::ffff:45.102.235.65:http 212-185-55-225.static:38214 ESTABLISHED -
tcp 0 0 ::ffff:45.102.235.65:http 212-185-67-58.static.:59239 ESTABLISHED -
tcp 0 0 ::ffff:45.102.235.65:http 212-185-55-89.static.:42761 ESTABLISHED -
tcp 0 0 ::ffff:45.102.235.65:http 212-185-67-58.static.:60525 ESTABLISHED -
tcp 0 0 ::ffff:45.102.235.65:http 212-185-55-29.static.:37195 ESTABLISHED -
tcp 193 0 ::ffff:45.102.235.65:http 212-185-55-89.static.:43825 CLOSE_WAIT -
tcp 0 0 ::ffff:45.102.235.65:http 212-185-55-29.static.:37748 ESTABLISHED -
tcp 0 0 ::ffff:45.102.235.65:http 212-185-55-29.static.:37495 ESTABLISHED -
tcp 169 0 ::ffff:45.102.235.65:http 212-185-55-89.static.:44595 CLOSE_WAIT -
tcp 172 0 ::ffff:45.102.235.65:http 212-185-55-29.static.:36214 CLOSE_WAIT -
tcp 175 0 ::ffff:45.102.235.65:http 212-185-55-89.static.:36663 CLOSE_WAIT -
tcp 166 0 ::ffff:45.102.235.65:http 212-185-55-89.static.:44086 CLOSE_WAIT -
tcp 0 0 ::ffff:45.102.235.65:http 212-185-67-58.static.:34651 ESTABLISHED -
tcp 183 0 ::ffff:45.102.235.65:http 212-185-55-225.static:42110 CLOSE_WAIT -
tcp 0 0 ::ffff:45.102.235.65:http 212-185-67-58.static.:34650 ESTABLISHED -
tcp 211 0 ::ffff:45.102.235.65:http 212-185-55-225.static:39549 CLOSE_WAIT -
tcp 0 0 ::ffff:45.102.235.65:http 212-185-67-58.static.:58975 ESTABLISHED -
tcp 0 0 ::ffff:45.102.235.65:http 212-185-55-29.static.:37496 ESTABLISHED -
tcp 173 0 ::ffff:45.102.235.65:http 212-185-55-29.static.:36219 CLOSE_WAIT -
tcp 153 0 ::ffff:45.102.235.65:http 212-185-55-113.static:47894 CLOSE_WAIT -
tcp 0 0 ::ffff:45.102.235.65:http 212-185-55-225.static:34681 ESTABLISHED -
tcp 0 0 ::ffff:45.102.235.65:http 212-185-55-225.static:39012 ESTABLISHED -
tcp 219 0 ::ffff:45.102.235.65:http 212-185-55-29.static.:59745 CLOSE_WAIT -
Please what can be done to block it? I did:
iptables -A INPUT -s 212.185.55.IPHERE -j DROP
iptables -A INPUT -s 212.185.55.0/24 -j DROP
iptables-save
restarted server, but it appears not to fix the issue, connections still there, server overloading..

This is very effective to tackle low DDoS attacks:
wget http://www.inetbase.com/scripts/ddos/install.sh
chmod 0700 install.sh
./install.sh
(D)DoS Deflate - http://deflate.medialayer.com/
Also, install CSF firewall. They also control DDoS attacks to some limit.

Hello :) DDoS attacks can be difficult to mitigate with standard firewalls such as CSF. You may want to consult with your data center to see if they offer any mitigation services or if there is anything they can do to assist you. Thank you.
Thx, you did not answer my question. You just answered the thread title. My question is rather iptables related. PS: instead of iptables -A INPUT -s it can be good to do iptables -I INPUT -s
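
The -A versus -I remark comes down to rule order: iptables walks a chain top to bottom and stops at the first terminating match, so a DROP appended with -A is never reached when an earlier ACCEPT already takes the packet. The following is an added example, not part of the thread: it reads `iptables -S INPUT` style text and lists the ACCEPT rules sitting ahead of the DROP for a source. The ruleset and the names `SAMPLE_RULES` and `shadowing_accepts` are constructed for illustration, and matching is simplified as noted in the comments.

```shell
#!/bin/sh
# Constructed ruleset in `iptables -S INPUT` format (not from the thread).
# On a live host: iptables -S INPUT | shadowing_accepts 212.185.55.0/24
SAMPLE_RULES='-P INPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 212.185.55.0/24 -j DROP'

# Print "position: rule" for every ACCEPT rule evaluated before the DROP
# rule for source $1 that is not tied to another source or to loopback.
# Simplification (assumption): any such ACCEPT is reported as a candidate;
# the script does not evaluate ports or connection state.
shadowing_accepts() {
  awk -v src="$1" '
    $1 != "-A" { next }                    # skip the -P policy line
    { pos++ }
    {
      has_src = 0; is_lo = 0; target = ""; this_src = ""
      for (i = 3; i < NF; i++) {
        if ($i == "-s") { has_src = 1; this_src = $(i + 1) }
        if ($i == "-i" && $(i + 1) == "lo") is_lo = 1
        if ($i == "-j") target = $(i + 1)
      }
    }
    target == "DROP" && this_src == src { exit }   # reached the block rule
    target == "ACCEPT" && !has_src && !is_lo { print pos ": " $0 }
  '
}

# Rules 2-4 are listed: the appended DROP sits at position 5, behind them.
# `iptables -I INPUT 1 -s 212.185.55.0/24 -j DROP` would place it first.
printf '%s\n' "$SAMPLE_RULES" | shadowing_accepts 212.185.55.0/24
```

An empty result means no unrestricted ACCEPT precedes the DROP, so rule order is not why the block fails.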
I know this doesn't answer your iptables question, however, since those are all HTTP connections, have you checked your apache access logs? You might be able to find what they're doing and fix the "real" issue as opposed to just blocking IP addresses. I'd start with an httpd fullstatus to see what domain is being hit, and check that domain's access logs. You might actually have something that's easy to deal with here, but a netstat just isn't enough info to know what needs to be mitigated.
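
Before going to the access logs, the netstat listing can at least be reduced to counts per TCP state and remote host, which shows which peers to look up there. This is an added example, not part of the thread; the sample lines are copied from the original post and the function name `summarize_http_peers` is made up here. SYN_RECV means the handshake has not completed, and CLOSE_WAIT with a non-zero Recv-Q means the peer sent data and closed while the web server has neither read it nor closed its side.

```shell
#!/bin/sh
# Lines copied from the netstat output in the original post.
SAMPLE_NETSTAT='tcp 0 0 45.102.235.65:http 212-185-55-113.static:51048 SYN_RECV -
tcp 0 0 45.102.235.65:http 212-185-55-196.static:56017 SYN_RECV -
tcp 0 0 45.102.235.65:http 212-185-55-113.static:50886 SYN_RECV -
tcp 0 0 45.102.235.65:interwise host-197.35.29.77.ted:61777 ESTABLISHED -
tcp 199 0 ::ffff:45.102.235.65:http 212-185-55-113.static:55675 CLOSE_WAIT -
tcp 141 0 ::ffff:45.102.235.65:http 212-185-55-113.static:56443 CLOSE_WAIT -
tcp 0 0 ::ffff:45.102.235.65:http 212-185-55-113.static:49527 ESTABLISHED -'

# Count connections to the local http port per state and remote host.
# Input columns: Proto Recv-Q Send-Q Local Foreign State PID/Program.
# Output: "<count> <state> <remote host> unread=<sum of Recv-Q bytes>",
# busiest state/host pair first.
summarize_http_peers() {
  awk '
    $1 ~ /^tcp/ && $4 ~ /:http$/ {
      peer = $5
      sub(/:[^:]*$/, "", peer)          # drop the remote port
      key = $6 " " peer
      n[key]++
      unread[key] += $2                 # Recv-Q: bytes not yet read locally
    }
    END {
      for (k in n) printf "%d %s unread=%d\n", n[k], k, unread[k]
    }
  ' | sort -k1,1nr -k2,3
}

# On a live host: netstat -tn | summarize_http_peers
# (with -n the local port shows as :80, so adjust the /:http$/ pattern).
printf '%s\n' "$SAMPLE_NETSTAT" | summarize_http_peers
```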