george at visp.com.au
Wed Apr 21 18:50:57 PDT 2004
You you please get into the habit of bottom posting, it also reminds you to trim redundant or unnecessary text.
You could install Portsentry and set it to block the offending Ip addresses. Ain this situation, I wouldn't be too concerned with blocking the false positives. that is spoofed source addresses, as you need the DDOS attack to stop. later you can construct some firewall rules to monitor those addresses for any reoccurance.
The other solution you have is to unplug the network cable from your gateway router. That is if you have an ADSL router, unplug the router and not the network behind it. You need to make you network appear as though it has gone off line or moved ip addresses.
Otherwise I'd wish you good luck (I have been through this exercise myself, it's not nice :-( ).
On Thu, 22 Apr 2004 08:21:38 +0800
"meimi" <meimi_1 at hotmail.com> wrote:
> I have found some IPs are opening 10 HTTP connection. Their IPs are
> changing and all IPs are from different ISP network.
> What should I do next?
> ----- Original Message -----
> From: "Tuc" <tuc at ttsg.com>
> To: "meimi" <meimi_1 at hotmail.com>
> Sent: Thursday, April 22, 2004 7:29 AM
> Subject: Re: being DOSed
> > >
> > > Hello,
> > > The bandwidth usage for my server is tripled for 3 hours. When I
> > > run "top", I find many httpd process in sbwait status. So, I
> > > think someone is DOSing my server. How can I check who is DOSing
> > > me? and how can I solve it?
> > > Thanks
> > > Meimi
> > Quickly :
> > netstat -an | sort | grep tcp4|more
More information about the freebsd-questions