Mailinglist Archive: opensuse-security (232 mails)

Re: [suse-security] Under DDoS Attack
  • From: media Formel4 <info@xxxxxxxxxx>
  • Date: Thu, 27 Oct 2005 19:09:28 +0200
  • Message-id: <436109C8.4010104@xxxxxxxxxx>
Timothy Hall wrote:
Another suggestion...

If you are able to produce a list using netstat and output it into a
text file, you may then be able to narrow down networks from which the
attack is originating. Afterwards, you can contact your upstream ISP
and they will be more than happy to block the rogue traffic from
reaching your network. They are quite happy to work with folks on
things such as this as very often the traffic also affects others that
they host services for by simply 'busying' things up with useless

Looking at the sorted list, I'm lucky to find 3 or 4 IPs coming from the same class-B network... Blocking out those whole ranges would mean "blocking the whole internet". Pretty secure, but not really usable.

Just to give you an image of what I'm talking about, here is the end of the sorted block list:

As you can see, they don't have much in common...

I'm still not sure that they aren't spoofed. During the last hours I blocked more than 6000 IPs, and per minute the count rises by 30 - 40...
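
The grouping discussed in this thread (netstat output sorted by source network, to judge whether range blocks would help) can be sketched as follows. This is an added example, not part of the original mails: the sample netstat text is constructed, and the function names and the /16 prefix length standing in for "class B" are assumptions.

```python
import ipaddress
from collections import Counter

# Constructed sample of `netstat -nat` output; addresses are documentation ranges.
SAMPLE = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 10.0.0.5:80             192.0.2.14:41234        SYN_RECV
tcp        0      0 10.0.0.5:80             192.0.2.14:41235        SYN_RECV
tcp        0      0 10.0.0.5:80             192.0.2.200:1042        ESTABLISHED
tcp        0      0 10.0.0.5:80             192.0.2.33:50311        SYN_RECV
tcp        0      0 10.0.0.5:80             198.51.100.7:3301       SYN_RECV
tcp        0      0 10.0.0.5:80             198.51.100.99:2212      TIME_WAIT
tcp        0      0 10.0.0.5:80             203.0.113.5:60001       SYN_RECV
tcp        0      0 :::80                   ::ffff:203.0.113.77:5555 ESTABLISHED
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
"""

def remote_addresses(netstat_text):
    """Return the set of distinct remote IPv4 peers found in netstat output."""
    peers = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 6 or not fields[0].startswith("tcp"):
            continue                      # skip headers and non-TCP lines
        host = fields[4].rsplit(":", 1)[0]  # strip the port
        try:
            ip = ipaddress.ip_address(host)
        except ValueError:
            continue
        if ip.version == 6:
            ip = ip.ipv4_mapped           # None unless ::ffff:a.b.c.d
        if ip is None or ip.is_unspecified:
            continue                      # pure IPv6 or 0.0.0.0 (LISTEN)
        peers.add(ip)
    return peers

def by_prefix(peers, prefixlen=16):
    """Count distinct peers per enclosing network (default /16)."""
    return Counter(ipaddress.ip_network(f"{ip}/{prefixlen}", strict=False)
                   for ip in peers)

def coverage(counts, min_hosts):
    """Fraction of peers inside networks holding at least min_hosts peers."""
    total = sum(counts.values())
    hit = sum(n for n in counts.values() if n >= min_hosts)
    return hit / total if total else 0.0

if __name__ == "__main__":
    counts = by_prefix(remote_addresses(SAMPLE))
    for net, n in counts.most_common():
        print(f"{n:5d}  {net}")
    print(f"peers in /16s with >=3 sources: {coverage(counts, 3):.0%}")
```

A low coverage figure at a given threshold means the sources are too scattered for prefix blocks to remove much traffic without also cutting off large parts of the address space.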
