Portal Home > Knowledgebase > Articles Database > How to deal with such DoS attack - against DNS server or so??
How to deal with such DoS attack - against DNS server or so??
| Posted by bloodyman, 09-24-2012, 12:27 PM |
| Hello
A week ago my server was shut down because of incomming DDoS attack. After few hours attack stoped so I was able to access my server IPs again.
During this week I was observing UDP traffic on my server for packets greather than 200. Today, after 7 days from initial attack, I observed very strange traffic UDP on my server:
I was able to drop connections from POSSIBLE-ATTACKING-IP via iptables.
I need to know, if such queries are symphoms of DDoS attack, should I remove those 4 domains which were in the queries from my server?
Is there any way of preventing such attacks ? I suppose it was against my DNS servers, but I'm not 100% sure.
Any help would be appreciated.
I use csf to manage iptables.
|
| Posted by Atlanical-Mike, 09-24-2012, 12:57 PM |
| I'd recommend installing DDOS Deflate:
Use this command in SSH:
Then setup SYN Cookies
Insure you've got ConfigSever Firewall installed:
http://www.configserver.com/free/csf/install.txt
Hope it helps.
|
| Posted by bloodyman, 09-24-2012, 04:07 PM |
| I use csf as I mentioned, also dosdeflate is last resource I would like to use because it is too simple to handle such dos attacks.
For people who know about dns amplification attacks - does it look so? what are the reasonable limits for amplifier attacks (10 queries in 20 seconds or better 20 queries in 10 seconds etc)?
|
| Posted by anuja9991, 09-24-2012, 04:07 PM |
| You can check netstat command result to know what port is target of the attack. Also get your server secured by means of firewall like csf, ddos defalte etc. If the attacks is out of control then ask your datacenter to install hardware firewall.
|
| Posted by damien scott, 09-24-2012, 04:21 PM |
| install Dos_Deflate
w w w . makemagic . gr /node/234
|
Add to Favourites 
Print this Article
Also Read
OVH Bandwidth (Views: 849)