Rate limiting via iptables might work better with that amount of traffic.
e.g.
PHP Code:
iptables -N QUERY-BLOCK
iptables -A QUERY-BLOCK -m recent --set --name blocked-hosts -j DROP
iptables -N QUERY-CHECK
iptables -A QUERY-CHECK -p udp -m string ! --string "getstatus" --algo bm --from 32 --to 41 -j RETURN
iptables -A QUERY-CHECK -m recent --update --name blocked-hosts --seconds 30 --hitcount 1 -j DROP
iptables -A QUERY-CHECK -m hashlimit --hashlimit-mode srcip --hashlimit-name getstatus --hashlimit-above 15/second -j QUERY-BLOCK
iptables -A INPUT -p udp --dport 27960:29000 -j QUERY-CHECK
You could also try to only allow valid traffic e.g.
PHP Code:
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j DROP # syn flood
iptables -A INPUT -m state --state INVALID -j DROP
iptables -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j DROP # bogus TCP Flags
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -p icmp -j ACCEPT
iptables -A INPUT -p udp -m udp --dport 28960 -j ACCEPT # ACCEPT all ports (+ used protocol) you are using for incoming traffic
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT # accepts traffic requested by your server
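Added example (not part of the original post): a simplified Python model of the QUERY-CHECK and QUERY-BLOCK chains from the first rule set, replayed over constructed packets to show which ones get dropped. Assumptions: a token bucket with hashlimit's default burst of 5 stands in for `--hashlimit-above`, the string match is treated as an exact match at offset 32 of the IP packet, and the addresses and the `\xff\xff\xff\xff` query prefix are constructed sample data.

```python
IP_UDP_HEADERS = 28      # 20-byte IPv4 header without options + 8-byte UDP header
RATE, BURST = 15.0, 5.0  # --hashlimit-above 15/second; 5 is hashlimit's default burst
BLOCK_SECONDS = 30       # -m recent --update --seconds 30

def has_getstatus(udp_payload: bytes) -> bool:
    """String match, modelled as 'getstatus' sitting at bytes 32..40 of the IP packet."""
    return (bytes(IP_UDP_HEADERS) + udp_payload)[32:41] == b"getstatus"

class QueryCheck:
    def __init__(self):
        self.bucket = {}     # src -> (credit, last update time): hashlimit state
        self.last_seen = {}  # src -> timestamp in the blocked-hosts recent list

    def verdict(self, now: float, src: str, udp_payload: bytes) -> str:
        # Rule 1: anything that is not a getstatus query leaves the chain.
        if not has_getstatus(udp_payload):
            return "RETURN"
        # Rule 2: source listed within the last 30 s: refresh timestamp, drop.
        seen = self.last_seen.get(src)
        if seen is not None and now - seen <= BLOCK_SECONDS:
            self.last_seen[src] = now
            return "DROP"
        # Rule 3: per-source token bucket; no credit left means "above 15/second".
        credit, then = self.bucket.get(src, (BURST, now))
        credit = min(BURST, credit + (now - then) * RATE)
        if credit < 1.0:
            self.bucket[src] = (credit, now)
            self.last_seen[src] = now  # QUERY-BLOCK: --set, then DROP
            return "DROP"
        self.bucket[src] = (credit - 1.0, now)
        return "RETURN"

def replay(packets):
    """Count verdicts per source for (time, src, udp_payload) tuples."""
    fw, counts = QueryCheck(), {}
    for now, src, payload in sorted(packets, key=lambda p: p[0]):
        counts.setdefault(src, {"RETURN": 0, "DROP": 0})[fw.verdict(now, src, payload)] += 1
    return counts

QUERY = b"\xff\xff\xff\xffgetstatus"  # constructed Quake 3 style status query
# Constructed traffic: one source flooding at 100 queries/s for 2 s (plus one
# non-getstatus packet), and a server browser polling once per second.
SAMPLE = [(i / 100, "198.51.100.7", QUERY) for i in range(200)]
SAMPLE += [(0.5, "198.51.100.7", b"\xff\xff\xff\xffgetchallenge")]
SAMPLE += [(float(i), "203.0.113.9", QUERY) for i in range(3)]

if __name__ == "__main__":
    print(replay(SAMPLE))
```

In the model, as in the rules, a source stays blocked for as long as it keeps sending getstatus queries within 30 seconds of its last dropped one, and its non-getstatus packets are never touched by this chain. RETURN here only means the packet goes back to INPUT, where later rules or the policy decide.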
Hello, I'm not home right now. I will test it tomorrow and let you know if it helped. Thanks
You can also dump part of the traffic to a file and analyse it using Wireshark.
Then you can find out what kind of traffic your server is flooded with.