Linux-Noob Forums Linux Server Administration Security and Firewalls v
Dos attacks and flooding

Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Threaded Mode
Dos attacks and flooding
faifas Offline
Junior Member
**
Posts: 8
Threads: 4
Joined: Apr 2007
Reputation: 0
#1
2007-06-20, 05:01 PM (This post was last modified: 2007-06-21, 10:22 PM by znx.)

Hello everyone,

 

I've got myself Ubuntu box and I like it, but there are some problems that I can't solve. I've got myself an online web based text game and people like to do tricks with my server, at first they've tried to bruteforce my sshd, but I've found a solution for that. However they're now flooding/dosing and I know what more to my server. Okay so the problem is like this: I have 30gb/month of bandwith (I know that's not much, but hey, I don't have money to rent a dedicated server) and that amount was quite enough for my game last months. Still, this month is too weird, I exceeded my bandwith in 15 days, when I usually did that in 29 or something. I tried to tune my apache and I almost did it. Had myself mod-security, but somehow I didn't manage to setup od-dosevasive even though I've tried your tuts and even apt-get that mod. Can't remember where but I've read about some kind of this attack (ye, I'm way new to linux)

 



Code:
netstat -s|grep listen




 

21840 times the listen queue of a socket overflowed. so, someone is definitely playing around. I'm sure that I'll seem noobish, but people could you help me out with this issue? That bandwith stealing isn't way cool and another thing I've noticed is very high my server's load :x

 

Well, thanks in advance,

faifas

Find
Reply
znx Offline
Posting Freak
*****
Posts: 1,229
Threads: 45
Joined: Mar 2005
Reputation: 0
#2
2007-06-21, 10:27 PM

Unfortunately, there is simply no solution.

 

Let us say that you begin to block the traffic that is hitting your box, the fact is it is still reaching your box, its just you are throwing it away. So your monthly usage is still getting eaten up. The only way to solve this would be to speak to who ever provides you with the server and ask them to set up some sort of filter prior to your box, that way the traffic doesn't reach you and therefore doesn't take up your usage.

 

You can try turning off the service for a period of time, or simply dropping all traffic (with iptables), this can sometimes encourage the person who is attacking you box to give up but not always.

 

Sorry, no way out of that!

 

PS: The quicker way to see listening ports is to use:



Code:
netstat -tl




Find
Reply
faifas Offline
Junior Member
**
Posts: 8
Threads: 4
Joined: Apr 2007
Reputation: 0
#3
2007-06-26, 01:09 PM
Thank you for your reply!
Find
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)