Hello I have a big Dos attack in my box Now everything is good cause I block a lot of IPs but after 1 hours everything will be back

3799 root 15 0 6936 1240 1060 S 4.0 0.1 0:10.15 pure-ftpd
5234 nobody 15 0 6044 3500 2264 S 0.7 0.3 0:00.03 httpd
5345 nobody 15 0 6044 3504 2256 S 0.7 0.3 0:00.03 httpd
5389 root 17 0 1996 1084 752 R 0.7 0.1 0:00.13 top
5397 nobody 15 0 6044 3500 2256 S 0.7 0.3 0:00.04 httpd
5425 nobody 15 0 6044 3528 2268 S 0.7 0.3 0:00.03 httpd
3282 named 18 0 39360 3220 2152 S 0.3 0.3 0:00.18 named
5090 nobody 15 0 6044 3564 2268 S 0.3 0.4 0:00.09 httpd
5109 nobody 15 0 6044 3500 2260 S 0.3 0.3 0:00.06 httpd
5111 nobody 16 0 6060 3564 2276 S 0.3 0.4 0:00.06 httpd
5112 nobody 15 0 6044 3556 2264 S 0.3 0.3 0:00.08 httpd
5115 nobody 15 0 6044 3556 2264 S 0.3 0.3 0:00.06 httpd
5151 nobody 15 0 6044 3520 2268 S 0.3 0.3 0:00.06 httpd
5168 root 15 0 7516 2212 1828 S 0.3 0.2 0:00.03 sshd
5210 nobody 15 0 6048 3560 2264 S 0.3 0.4 0:00.05 httpd
5222 nobody 15 0 6044 3508 2256 S 0.3 0.3 0:00.05 httpd
5225 nobody 15 0 6044 3508 2260 S 0.3 0.3 0:00.03 httpd
5232 nobody 15 0 6044 3560 2264 S 0.3 0.4 0:00.03 httpd
5242 nobody 15 0 6044 3508 2260 S 0.3 0.3 0:00.04 httpd
5257 nobody 15 0 6044 3496 2256 S 0.3 0.3 0:00.05 httpd
5261 nobody 17 0 6044 3512 2256 S 0.3 0.3 0:00.01 httpd
5262 nobody 15 0 5904 3424 2232 S 0.3 0.3 0:00.02 httpd
5269 nobody 15 0 6044 3496 2256 S 0.3 0.3 0:00.02 httpd
5277 nobody 15 0 6044 3556 2264 S 0.3 0.3 0:00.04 httpd
5283 nobody 15 0 6044 3552 2264 S 0.3 0.3 0:00.04 httpd
5285 nobody 16 0 6044 3556 2268 S 0.3 0.3 0:00.03 httpd
5358 nobody 15 0 5904 3424 2232 S 0.3 0.3 0:00.01 httpd
5366 nobody 15 0 6044 3552 2264 S 0.3 0.3 0:00.04 httpd
5370 nobody 15 0 6044 3500 2260 S 0.3 0.3 0:00.01 httpd
5372 nobody 16 0 6044 3496 2256 S 0.3 0.3 0:00.01 httpd
5378 nobody 15 0 6044 3520 2268 S 0.3 0.3 0:00.03 httpd
5379 nobody 15 0 6044 3560 2268 S 0.3 0.4 0:00.03 httpd
5384 nobody 16 0 6044 3560 2264 S 0.3 0.4 0:00.02 httpd
5394 nobody 15 0 6044 3508 2260 S 0.3 0.3 0:00.01 httpd
5403 nobody 15 0 6044 3496 2256 S 0.3 0.3 0:00.01 httpd
5405 nobody 15 0 6044 3508 2268 S 0.3 0.3 0:00.01 httpd
5421 nobody 15 0 6044 3524 2268 S 0.3 0.3 0:00.01 httpd

over 300 process nobody

bwm-ng
700 Kb/s as total traffic


netstat -n | grep :80 |wc -l
7532

netstat -n | grep :80 | grep SYN |wc -l
823

httpd.conf
-------------
Timeout 15

KeepAlive Off

KeepAliveTimeout 5

MinSpareServers 15
MaxSpareServers 20

MaxRequestsPerChild: 100

-------------

APF installed and configured
mod_dosevasive is installed But I think it is not help ( I don't know why ) cause I don't see that let apf block any IP

echo 1 > /proc/sys/net/ipv4/tcp_syncookies

---------------

Then what is next what I must do ???