  1. #1

    Advanced Help needed - DoS

    We got this.

    Some Network / Application makes a connection to our HTTPD Server without any action.

    84.186.46.126 - - [29/Jul/2005:13:19:25 +0200] "-" 408 -
    84.186.46.126 - - [29/Jul/2005:13:19:25 +0200] "-" 408 -
    84.186.46.126 - - [29/Jul/2005:13:19:25 +0200] "-" 408 -
    84.186.46.126 - - [29/Jul/2005:13:19:25 +0200] "-" 408 -

    Looks like that. What to do in this case? Any way to filter this?
    Or to trace back?

  2. #2
    Join Date
    May 2002
    Location
    Moscow
    Posts
    1,490
    Rustelekom LLC Dedicated server since 2002, RIPE NCC member, LIR, AS51168

  3. #3
    That won't help LOL. Not like I cannot deny an IP which attacks.
    I'm talking about a large range which is doing the DoS I mentioned above.

  4. #4
    If you are attacked from one IP address, just block it with a firewall rule. But the attacker may change it at any time.

  5. #5
    Originally posted by worldhosting
    If you are attacked from one IP address, just block it with a firewall rule. But the attacker may change it at any time.
    I said a large range of IPs. Maybe a botnet. The logs above are just an example of how it looks, so you can understand the attack itself...

  6. #6
    From a large distributed flood you may defend by following my link. This is not a universal way, but it is easy and fast.

    Of course, you may try to filter the DDoS using netfilter features, and maybe you have access, but I must say that a current SYN-flood attack is hard to filter without expensive hardware.
    Good luck!
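
Added example, not part of any post in this thread: the `"-" 408` entries quoted in post #1 are what Apache logs when a client opens a connection and the server times out waiting for a request, so counting them per source IP and per /24 shows whether a range, rather than one host, is responsible. The function names, the /24 grouping and the sample lines (documentation addresses) are assumptions of this example.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed sample in Apache common log format. Addresses come from the
# RFC 5737 documentation ranges, not from the thread.
SAMPLE_LOG = """\
192.0.2.10 - - [29/Jul/2005:13:19:25 +0200] "-" 408 -
192.0.2.10 - - [29/Jul/2005:13:19:25 +0200] "-" 408 -
192.0.2.77 - - [29/Jul/2005:13:19:26 +0200] "-" 408 -
198.51.100.5 - - [29/Jul/2005:13:19:26 +0200] "-" 408 -
203.0.113.9 - - [29/Jul/2005:13:19:27 +0200] "GET / HTTP/1.1" 200 1043
192.0.2.200 - - [29/Jul/2005:13:19:27 +0200] "-" 408 -
not a log line
"""

# host ident user [time] "request" status size
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([^"]*)" (\d{3}) \S+$')

def empty_408_sources(log_text):
    """Count empty-request 408 entries per IPv4 source and per /24 network."""
    per_ip, per_net = Counter(), Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # malformed or unrelated line
        host, request, status = m.groups()
        if request != "-" or status != "408":
            continue  # a real request, or some other status
        try:
            addr = ip_address(host)
        except ValueError:
            continue  # logged as a hostname, cannot be grouped by range
        if addr.version != 4:
            continue  # /24 grouping below only makes sense for IPv4
        per_ip[host] += 1
        per_net[str(ip_network(f"{host}/24", strict=False))] += 1
    return per_ip, per_net

def ranges_over(per_net, threshold):
    """Return the /24 networks with at least `threshold` hits, busiest first."""
    return [net for net, count in per_net.most_common() if count >= threshold]

if __name__ == "__main__":
    ips, nets = empty_408_sources(SAMPLE_LOG)
    print("per IP:", ips.most_common())
    print("ranges with 3 or more hits:", ranges_over(nets, 3))
```

The threshold and prefix length need tuning against normal traffic, since ordinary clients that open a connection and never send a request also produce occasional 408 entries.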
