Rainer Duffner wrote:
media Formel4 wrote:
As you can see, they haven't got much in common...
I'm still not sure that they aren't spoofed. During the last hours I blocked more than 6000 IPs and per minute the count rises by 30 - 40...
What firewall is in front of that host? I'd try to set up a reverse proxy in front of it, together with an OpenBSD packet filter.
As I said - it's a root server. Nothing in front but the pure internet...
The key to fending off a DDoS attack is to have more resources than the attacker - both bandwidth and raw processing power.
Neither bandwidth nor processing power is the problem. The server stays below a load of 1 and the traffic is almost invisible compared to the standard traffic to the other servers, because the requests are empty and block others from getting content from my server...
If you don't have these resources, you can also just go home and wait till it's over, because with so many zombies, the attacker can just flood you "conventionally" until your upstream provider is fed up enough with it that he just disconnects your system....
I do have the resources - but I'm running out of options for how to use them to fight back against the attackers. The list of blocked IPs reached 10.000 in the meantime...
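
An added illustration, not part of any message in this thread: one way to pull the sources of the empty requests described above out of a web server access log, instead of blocking addresses by hand. It assumes an Apache-style combined log format, in which a connection that never sends a request line is logged with "-" as the request; the log lines, addresses, threshold and window are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumption: Apache-style combined log format (not stated in the thread).
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" \d{3} ')

def parse(line):
    """Return (ip, timestamp, request) or None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["req"].strip()

def empty_request_sources(lines, threshold=3, window=timedelta(seconds=60)):
    """Map each IP to its peak number of empty requests inside one window,
    keeping only IPs whose peak reaches the threshold."""
    seen = defaultdict(list)
    for line in lines:
        rec = parse(line)
        if rec and rec[2] in ("", "-"):      # no request line was ever sent
            seen[rec[0]].append(rec[1])
    flagged = {}
    for ip, stamps in seen.items():
        stamps.sort()
        start = best = 0
        for end, ts in enumerate(stamps):    # sliding window over timestamps
            while ts - stamps[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[ip] = best
    return flagged

# Constructed sample lines; addresses are from the documentation ranges.
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Oct/2006:14:00:01 +0200] "-" 408 - "-" "-"',
    '192.0.2.10 - - [12/Oct/2006:14:00:09 +0200] "-" 408 - "-" "-"',
    '192.0.2.10 - - [12/Oct/2006:14:00:21 +0200] "-" 408 - "-" "-"',
    '198.51.100.7 - - [12/Oct/2006:14:00:02 +0200] "-" 408 - "-" "-"',
    '198.51.100.7 - - [12/Oct/2006:14:00:30 +0200] "-" 408 - "-" "-"',
    '203.0.113.5 - - [12/Oct/2006:14:00:03 +0200] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [12/Oct/2006:14:00:00 +0200] "-" 408 - "-" "-"',
    '192.0.2.44 - - [12/Oct/2006:14:02:30 +0200] "-" 408 - "-" "-"',
    '192.0.2.44 - - [12/Oct/2006:14:05:00 +0200] "-" 408 - "-" "-"',
]

if __name__ == "__main__":
    for ip, count in sorted(empty_request_sources(SAMPLE_LOG).items()):
        print(f"{ip}\t{count} empty requests within 60s")
```

The windowed count keeps a client that times out occasionally (192.0.2.44 in the sample) off the block list, which matters once the list is fed to a packet filter automatically.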