My server has been attacked daily for months; the listener count drops from 600 to 100, and then the Shoutcast server is no longer reachable.
Unfortunately, the So you Start DDoS protection cannot stop this.
What else is the best thing to do here?
Today's DDoS attack
This is what my iptables rules look like:
Code:
[root@server ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
DROP all -- 88.250.110.36 anywhere
DROP all -- 88.249.40.139 anywhere
DROP all -- 37.59.225.240 anywhere
DROP all -- 79.123.234.21 anywhere
DROP all -- 188.57.165.101 anywhere
DROP all -- 51.255.67.76 anywhere
DROP all -- 151.80.21.76 anywhere
DROP tcp -- anywhere anywhere match-set cn.set src
DROP tcp -- anywhere anywhere match-set cn.set src
DROP all -- 118.39.85.235 anywhere
DROP all -- 202.198.176.124 anywhere
DROP all -- 62.210.141.190 anywhere
ACCEPT tcp -- anywhere anywhere tcp dpt:onehome-help
f2b-sshd tcp -- anywhere anywhere multiport dports ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere tcp dpts:irdmi:ndmp
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
ACCEPT tcp -- anywhere anywhere tcp dpts:irdmi:ndmp
ACCEPT tcp -- anywhere anywhere tcp dpt:mnp-exchange
syn_flood tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN
RETURN tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 1/sec burst 3
ACCEPT icmp -- anywhere anywhere limit: avg 1/sec burst 1
LOG icmp -- anywhere anywhere limit: avg 1/sec burst 1 LOG level warning prefix "PING-DROP"
DROP icmp -- anywhere anywhere
DROP tcp -- anywhere anywhere match-set cn.set src
Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
DROP udp -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere tcp spt:smtp
ACCEPT icmp -- anywhere anywhere
DROP udp -- anywhere anywhere
Chain f2b-sshd (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Chain syn_flood (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere limit: avg 1/sec burst 3
DROP all -- anywhere anywhere
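Added example, not part of the original post: a small Python check that parses `iptables -L` output and reports rules placed after an unconditional ACCEPT/DROP/REJECT rule in the same chain, which is the position of the `syn_flood` jump and the ICMP limits in the INPUT chain above. It assumes the listing shows every match condition; plain `iptables -L` hides the interface columns, so a rule that looks unconditional may be bound to one interface (confirm with `iptables -L -v -n` or `iptables -S`). The sample input and all function names are constructed for illustration.

```python
import re

# Constructed sample: shortened INPUT chain in the same layout as the listing
# above, with a documentation address (192.0.2.10) in place of a real one.
SAMPLE = """\
Chain INPUT (policy ACCEPT)
target prot opt source destination
DROP all -- 192.0.2.10 anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
syn_flood tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN
Chain syn_flood (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere limit: avg 1/sec burst 3
DROP all -- anywhere anywhere
"""

TERMINAL = {"ACCEPT", "DROP", "REJECT"}  # targets that end rule traversal

def parse(listing):
    """Return {chain: [(target, prot, source, destination, extra), ...]}."""
    chains, current = {}, None
    for line in listing.splitlines():
        m = re.match(r"^Chain (\S+) \(", line)
        if m:
            current = chains.setdefault(m.group(1), [])
        elif current is not None and line.strip() and not line.startswith("target"):
            target, prot, _opt, src, dst, *extra = line.split()
            current.append((target, prot, src, dst, " ".join(extra)))
    return chains

def is_catch_all(rule):
    target, prot, src, dst, extra = rule
    # "reject-with ..." is a target option, not a match condition.
    unconditional = extra == "" or extra.startswith("reject-with")
    return (target in TERMINAL and prot == "all"
            and src == dst == "anywhere" and unconditional)

def shadowed_rules(listing):
    """List (chain, position, target) for rules placed after a catch-all rule."""
    findings = []
    for chain, rules in parse(listing).items():
        cut = next((i for i, r in enumerate(rules) if is_catch_all(r)), None)
        if cut is not None:
            findings += [(chain, i + 1, r[0]) for i, r in enumerate(rules) if i > cut]
    return findings

if __name__ == "__main__":
    print(shadowed_rules(SAMPLE))
```

Any rule it reports is never evaluated if the preceding catch-all really is unconditional, so rate limits and blocklist matches belong before that rule.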