Linux-Noob Forums

Full Version: Dos attacks and flooding

Hello everyone,

 

I've got myself an Ubuntu box and I like it, but there are some problems that I can't solve. I've got myself an online web-based text game and people like to do tricks with my server. At first they tried to brute-force my sshd, but I've found a solution for that. However, they're now flooding/DoSing and I know what more to my server. Okay, so the problem is like this: I have 30 GB/month of bandwidth (I know that's not much, but hey, I don't have money to rent a dedicated server) and that amount was quite enough for my game in past months. Still, this month is too weird: I exceeded my bandwidth in 15 days, when I usually did that in 29 or something. I tried to tune my Apache and I almost did it. Had myself mod-security, but somehow I didn't manage to set up mod-dosevasive even though I've tried your tuts and even apt-get that mod. Can't remember where, but I've read about some kind of this attack (ye, I'm way new to Linux)

 



Code:
netstat -s|grep listen




 

21840 times the listen queue of a socket overflowed. So, someone is definitely playing around. I'm sure that I'll seem noobish, but people, could you help me out with this issue? That bandwidth stealing isn't way cool, and another thing I've noticed is my server's very high load :x

 

Well, thanks in advance,

faifas


Unfortunately, there is simply no solution.

 

Let us say that you begin to block the traffic that is hitting your box. The fact is it is still reaching your box; it's just that you are throwing it away. So your monthly usage is still getting eaten up. The only way to solve this would be to speak to whoever provides you with the server and ask them to set up some sort of filter prior to your box; that way the traffic doesn't reach you and therefore doesn't take up your usage.

 

You can try turning off the service for a period of time, or simply dropping all traffic (with iptables). This can sometimes encourage the person who is attacking your box to give up, but not always.

 

Sorry, no way out of that!

 

PS: The quicker way to see listening ports is to use:



Code:
netstat -tl




Thank you for your reply!
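
The `netstat -s` line quoted in the first post is the kernel's `TcpExt` `ListenOverflows` counter, which is cumulative since boot, so a single reading does not show whether the queue is overflowing right now. The script below is an added example, not code from any poster in this thread: it reads that counter from text in `/proc/net/netstat` format and turns two snapshots into a per-second rate. The function names, the 10-second interval and the sample snapshots are assumptions made for illustration.

```shell
#!/bin/sh
# Print one TcpExt counter from text in /proc/net/netstat format.
# That file holds line pairs: "TcpExt: <names...>" then "TcpExt: <values...>".
tcpext_counter() {  # usage: tcpext_counter NAME < netstat-text
    awk -v want="$1" '
        $1 == "TcpExt:" && !seen { for (i = 2; i <= NF; i++) if ($i == want) col = i; seen = 1; next }
        $1 == "TcpExt:" && seen  { print (col ? $col : 0); exit }
    '
}

# Whole overflows per second between two readings taken INTERVAL seconds apart.
overflow_rate() {  # usage: overflow_rate BEFORE AFTER INTERVAL
    echo $(( ($2 - $1) / $3 ))
}

# Constructed sample snapshots (trimmed to four fields, values invented),
# imagined as taken 10 seconds apart.
SAMPLE_T0='TcpExt: SyncookiesSent SyncookiesRecv ListenOverflows ListenDrops
TcpExt: 0 0 21840 21903'
SAMPLE_T1='TcpExt: SyncookiesSent SyncookiesRecv ListenOverflows ListenDrops
TcpExt: 0 0 21900 21965'

# Live mode: sample the real counters on this machine twice.
if [ "${1:-}" = "--live" ]; then
    before=$(tcpext_counter ListenOverflows < /proc/net/netstat)
    sleep 10
    after=$(tcpext_counter ListenOverflows < /proc/net/netstat)
    echo "listen queue overflows/sec over 10s: $(overflow_rate "$before" "$after" 10)"
fi
```

A rate that stays at zero means the large total is history from earlier in the uptime; a sustained non-zero rate means connections are being dropped at the listen queue at this moment.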