<br><font size=2 face="sans-serif">My son has set up a CentOS game server,
serving Minecraft stuff.</font>
<br>
<br><font size=2 face="sans-serif">Some players were being nasty, and got
banned. Of course one of the people that got banned has a malicious
friend, who has been launching denial-of-service attacks. The guy
logs into their forums as a generic user, leaves a message stating that
he will now launch a DOS, and the attack begins and lasts for a couple
hours. My son thinks that this guy is running stuff from the Amazon
cloud, but he likely has no idea.</font>
<br>
<br><font size=2 face="sans-serif">My son's server is running pretty current
CentOS with IPTables.</font>
<br>
<br><font size=2 face="sans-serif">My question is how to figure out what
kind of DOS attack is being used, and how to thwart it... I am guessing
if I make it more difficult to attack, the guy might get bored and move
on.</font>
<br>
<br><font size=2 face="sans-serif">In the research I have done, it appears
that I can set up IPTables rules for certain ports and make them drop requests...</font>
<br>
<br><font size=2 face="sans-serif">iptables -I INPUT -p tcp --dport 25
-i eth0 -m state --state NEW -m recent --update --seconds 60 --hitcount
20 -j DROP</font>
<br>
<br><font size=2 face="sans-serif">I am curious whether, if I leave off the
--dport, the rule would apply to all ports. I also wonder if I
can block all traffic from a class B set of addresses - say, if it is coming
from a cloud.</font>
<br>
<br><font size=2 face="sans-serif">I doubt it would cure the issue, but
it may lessen the impact.</font>
<br>
<br><font size=2 face="sans-serif">Can anyone direct me to some good resources?</font>
<br>
<br><font size=2 face="sans-serif">Thanks!</font>
<br>
<br><font size=2 face="sans-serif">Dallas</font>
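<br>
<br><font size=2 face="sans-serif">An added example, not part of the original post: a "recent --update" rule like the one quoted above only matches sources that a companion "--set" rule has already recorded, so this script emits the pair without --dport (covering all TCP ports) plus a drop rule for one /16. The chain name, list name and the 198.18.0.0/16 placeholder network are assumptions; rules are only printed unless IPT=iptables is set.</font>

```shell
#!/bin/sh
# Added example, not from the original post. Dry-run by default: each rule is
# printed for review. Run as root with IPT=iptables to apply them.
IPT="${IPT:-echo iptables}"
CHAIN=DOSGUARD      # hypothetical chain name
LIST=newconn        # hypothetical name for the 'recent' address list

# new_conn_limit IFACE SECONDS HITS [PORT]
# Drops new TCP connections from a source once it has made HITS of them
# within SECONDS. With PORT empty no --dport is emitted, so the rule
# applies to every TCP port.
new_conn_limit() {
    iface=$1 secs=$2 hits=$3 port=${4:-}
    match="-i $iface -p tcp"
    if [ -n "$port" ]; then
        match="$match --dport $port"
    fi
    match="$match -m state --state NEW -m recent --name $LIST"
    # Record the source first (no -j target, so the packet continues on)...
    $IPT -A "$CHAIN" $match --set
    # ...then drop it if it is already over the limit. --update matches only
    # addresses that the --set rule has put on the list.
    $IPT -A "$CHAIN" $match --update --seconds "$secs" --hitcount "$hits" -j DROP
}

# block_net CIDR: drop everything from one network, e.g. a former class B (/16).
block_net() {
    $IPT -A "$CHAIN" -s "$1" -j DROP
}

build_rules() {
    $IPT -N "$CHAIN"
    block_net 198.18.0.0/16      # placeholder /16 from the reserved benchmarking range
    new_conn_limit eth0 60 20    # interface and limits as in the post, all TCP ports
    $IPT -I INPUT -j "$CHAIN"    # evaluate the chain before other INPUT rules
}

build_rules
```

<font size=2 face="sans-serif">Passing a fourth argument to new_conn_limit (for example 25, as in the post) restricts the pair to that port.</font>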