Hey WHT,

I've been lurking on WHT for a while, and recently I joined up as a systems administrator on a Minecraft server (full administrator, as in I set up everything and keep it running smoothly, I fully manage it myself), and while I got everything working perfectly fine on our Limestone Networks dedi (C2Q 9400 2.66 GHz, 8GB RAM, 500GB HDD, 100 Mbps port), I've been having some troubles with DDoS/DoS attacks recently.

Yes, a 3-week-old server having troubles with attacks. (The most recent ones I've been having are from a very disgruntled banned player.)

Now I can handle CentOS and the like fine for most tasks, but I've never learned much about what to do about DDoS/DoS attacks, especially with the scale of these attacks (75-100 Mbps usually, which often maxes out our line). Limestone has great support, and they automatically stop most attacks within a few minutes, but I'm wondering if there's a way to detect/stop/log these attacks instead of waiting for Limestone to get rid of them? We're also thinking of switching hosts due to cost issues, and I would especially need a method to stop attacks on hosts with stricter bandwidth and QoS policies.

I caught the attacker's IPs once (they were using Amazon EC2), but Amazon denied that the IPs ever touched us.

Basically, how and with what tools would I be able to stop/log DoS and DDoS attacks on CentOS 5.5, with that hardware/network?

I would love any and all advice on this matter.