Depends on what kind of attack is launched against you. If the attackers do it right, a DDOS attack is nearly impossible to stop.
Anyway, if the attack isn't using spoofing (the source IP of the attack is random/forged/faked) and you're running Linux and have root, you could just block the offending IP with the built-in Linux firewall:
ipchains -A input -j DENY -p all -l -s 1.1.1.1/32 -d 0.0.0.0/0
Would stop all traffic from IP 1.1.1.1.
Another example:
ipchains -A input -j DENY -p all -l -s 1.1.1.1/24 -d 0.0.0.0/0
Would stop all traffic coming from 1.1.1.* (1.1.1.1 - 1.1.1.255)
This is useful for totally blocking all traffic from a certain IP ... your box will seem totally nonexistent to the blocked IP.
If you're getting attacked with a PING flood from many different IPs, you can block it with (again, for Linux roots):
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
(any fool with Linux root could easily launch a ping attack with "ping -f <your ip>". Ping won't fake the source IP though, so you can easily see where the attack is coming from).
If you're attacked with the classic SYN flood (eating CPU with half-open TCP connections), enabling syncookies could help:
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
The good thing with the above methods is that they are fairly easy to take. The bad thing is that they will only stop the traffic out from your box ... the bandwidth the DOS attack eats going into your network card/box can't be stopped this way. For that you have to contact your ISP and tell them a DDOS attack is going on... maybe they can filter the attack in their routers. So, always contact your uplink/ISP.
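A small added example (my own, not from the post above) that ties the ipchains rule to a detection step: count how often each source IP shows up in a list of connection attempts, and print the matching per-host DENY rule for every IP over a threshold. The sample list is constructed for the example, the threshold is an assumption, and the rules are only printed, not applied, so it runs without root.

```shell
#!/bin/sh
# Added example, not part of the original post. Finds source IPs that are
# hammering the box and prints the ipchains DENY rule for each, in the same
# form as the rule shown above. Nothing is applied; applying needs root.

# Constructed sample: one source IP per connection attempt (e.g. pulled from
# netstat output). 10.0.0.9 and 192.0.2.77 are the flooders here.
SAMPLE_LOG='10.0.0.9
192.0.2.77
10.0.0.9
203.0.113.5
10.0.0.9
192.0.2.77
10.0.0.9
192.0.2.77
10.0.0.9
192.0.2.77'

# Print IPs that appear at least $1 times in the list read from stdin,
# one per line, sorted. The threshold is an assumption; tune it to the box.
top_sources() {
    threshold="$1"
    sort | uniq -c | awk -v t="$threshold" '$1 >= t { print $2 }' | sort
}

# Build the ipchains rule that drops all traffic from one host (/32).
# -l logs each match, so you can see whether the flood is still arriving.
deny_rule() {
    printf 'ipchains -A input -j DENY -p all -l -s %s/32 -d 0.0.0.0/0\n' "$1"
}

# Dry run: print one rule per offending IP found in the sample list.
emit_rules() {
    printf '%s\n' "$SAMPLE_LOG" | top_sources "$1" | while read -r ip; do
        deny_rule "$ip"
    done
}

emit_rules 3
```

Remember the post's own caveat: this only stops the traffic from being answered; it does nothing about the bandwidth the flood burns on the way in, and a spoofed source will not show up as a stable IP in such a list at all.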
Hope some of this helps..