[colug-432] Diagnosing and blocking DDOS attacks
DEEDSD at nationwide.com
Sun Jul 17 18:47:56 EDT 2011
My son has set up a CentOS game server, serving MineCraft stuff.
Some players were being nasty, and got banned. Of course one of the
people that got banned has a malicious friend, who has been launching
denial-of-service attacks. The guy logs into their forums as a generic
user, leaves a message stating that he will now launch a DOS, and the
attack begins and lasts for a couple hours. My son thinks that this guy
is running stuff from the Amazon cloud, but he likely has no idea.
My son's server is running pretty current CentOS with IPTables.
My question is how to figure out what kind of DOS attack is being used,
and how to thwart it... I am guessing if I make it more difficult to
attack, the guy might get bored and move on.
In the research I have done, it appears that I can set up IPTables rules
for certain port and make them drop requests...
# The --update rule only matches addresses a --set rule has already recorded; add the --set
# rule first so that, with -I, the --update/DROP check ends up above it in the chain.
iptables -I INPUT -p tcp --dport 25 -i eth0 -m state --state NEW -m recent --set
iptables -I INPUT -p tcp --dport 25 -i eth0 -m state --state NEW -m recent --update --seconds 60 --hitcount 20 -j DROP
I am curious whether, if I leave off the --dport, the rule would apply to
all ports. I also wonder if I can block all traffic from a class B set of
addresses - say, if it is coming from a cloud.
I doubt it would cure the issue, but it may lessen the impact.
Can anyone direct me to some good resources?
Thanks!
Dallas
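Both halves of the question above (what kind of flood is hitting the box, and whether a whole class B range could be dropped) can be answered from the socket table before touching the firewall. The script below is an added example written for this thread, not anything Dallas or his son ran: it parses constructed `netstat -ntu` style lines, counts TCP states, ranks remote addresses and their /16 ranges, and applies two assumed rules of thumb (a majority of half-open SYN_RECV sockets looks like a SYN flood; one source holding 20 or more sockets looks like a connection flood). The `block_rule_for_network` helper, the `SAMPLE` data and the thresholds are all assumptions of this example.

```python
"""Triage helper for the DoS question above: it reads `netstat -ntu` style
socket lines, counts TCP states, ranks remote IPs and their /16 ranges, and
says whether the picture looks like a SYN flood or a connection flood.
Hypothetical example for this thread; the SAMPLE text is constructed."""
import ipaddress
import re
import sys
from collections import Counter

# One socket line of Linux `netstat -ntu`: proto, Recv-Q, Send-Q, local, remote,
# and (for TCP) a state column. UDP lines usually have no state.
_LINE = re.compile(
    r"^(?P<proto>tcp6?|udp6?)\s+\d+\s+\d+\s+(?P<local>\S+)\s+(?P<remote>\S+)"
    r"(?:\s+(?P<state>\S+))?\s*$"
)


def parse_netstat(text):
    """Yield (proto, remote_ip, state) per socket line; headers are skipped."""
    for line in text.splitlines():
        m = _LINE.match(line)
        if not m:
            continue
        # Split off the port; works for a.b.c.d:port and for v6 forms that keep a colon.
        ip = m.group("remote").rsplit(":", 1)[0]
        yield m.group("proto"), ip, m.group("state") or "UDP"


def summarize(text, per_ip_threshold=20, syn_ratio=0.5):
    """Return state counts, the busiest sources and /16 ranges, and a verdict.

    Verdict rules (assumptions for this example): mostly half-open SYN_RECV
    sockets means a SYN flood; one source holding per_ip_threshold or more
    sockets means a connection flood from that source.
    """
    states, per_ip, per_slash16 = Counter(), Counter(), Counter()
    for _proto, ip, state in parse_netstat(text):
        states[state] += 1
        per_ip[ip] += 1
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            continue  # garbled address; keep counting the rest
        if addr.version == 4:  # the "class B" view only makes sense for IPv4
            net = ipaddress.ip_network(f"{ip}/16", strict=False)
            per_slash16[str(net)] += 1
    total = sum(states.values())
    offenders = sorted(ip for ip, n in per_ip.items() if n >= per_ip_threshold)
    if total and states["SYN_RECV"] / total > syn_ratio:
        verdict = "syn-flood"
    elif offenders:
        verdict = "connection-flood"
    else:
        verdict = "normal"
    return {
        "states": dict(states),
        "top_sources": per_ip.most_common(5),
        "top_slash16": per_slash16.most_common(3),
        "offenders": offenders,
        "verdict": verdict,
    }


def block_rule_for_network(cidr):
    """iptables command that drops everything from a range, e.g. a /16 from a cloud."""
    net = ipaddress.ip_network(cidr, strict=False)
    return f"iptables -I INPUT -s {net} -j DROP"


# Constructed sample: 30 half-open connections from one /16 plus a few
# legitimate players. Not real data from the server in the post.
SAMPLE = "\n".join(
    ["Active Internet connections (w/o servers)",
     "Proto Recv-Q Send-Q Local Address           Foreign Address         State"]
    + [f"tcp        0      0 10.0.0.5:25565          198.51.100.{i}:4{i:04d}      SYN_RECV"
       for i in range(1, 31)]
    + ["tcp        0      0 10.0.0.5:25565          203.0.113.5:51002       ESTABLISHED",
       "tcp        0      0 10.0.0.5:22             203.0.113.9:50110       ESTABLISHED",
       "udp        0      0 10.0.0.5:25565          203.0.113.5:51003"]
)


def analyze_sample():
    """Run the triage over the constructed SAMPLE."""
    return summarize(SAMPLE)


if __name__ == "__main__":
    # Usage on the server: netstat -ntu | python3 dos_triage.py
    data = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE
    result = summarize(data)
    print(result["verdict"], result["states"], result["top_slash16"])
    for net, _n in result["top_slash16"][:1]:
        print("candidate range rule:", block_rule_for_network(net))
```

The /16 rule is printed rather than applied: dropping a whole class B also drops any legitimate player inside it, so the output is a candidate to look at next to the per-source counts, not a rule to install blindly. A SYN flood verdict points at the kernel side (SYN cookies, backlog sizes) more than at per-address iptables rules, since the source addresses in a SYN flood are often spoofed.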