2

So, it appears about 2 IP addresses are overloading my HTTP server (Apache) over UDP and I am unable to stop this using iptables. I am using CentOS 5. I managed to block some other IP addresses that were overloading TCP, but can't seem to stop the UDP.

I've narrowed down the offenders to connecting to random ports using UDP connections, but the following entry in iptables isn't working:

-A INPUT -s <offending IP> -p udp -j DROP

Can anyone offer some advice as to what I'm doing wrong?

UPDATE: I noticed that all offending incoming connections were from port 53, so did the following and it seemed to work:

-A INPUT -s <offending IP> -p udp --dport 53 -j REJECT
Tristen
  • 23

1 Answer

2

With any kind of DoS or DDoS attack, the only real thing you can do is talk to your upstream provider and have them block the traffic as it hits their network. Otherwise it'll still saturate your connections to the internet, and although you're dropping the traffic, you'll likely still have connectivity problems.

Tom O'Connor
  • 27,578
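
A triage sketch for the situation in this thread, added here as an example and not taken from either post: it tallies inbound UDP per source from `tcpdump -n -q` text output, giving the byte totals that arrive on the link whether or not a local DROP rule matches, and showing whether a source uses one fixed source port against many destination ports. The capture lines are constructed (documentation-range IPv4 addresses), and the function names `sample_capture` and `udp_sources` are hypothetical.

```shell
#!/bin/sh
# Constructed sample in `tcpdump -n -q` text format; not real traffic.
sample_capture() {
cat <<'EOF'
12:00:00.000001 IP 203.0.113.5.53 > 198.51.100.10.41234: UDP, length 512
12:00:00.000150 IP 203.0.113.5.53 > 198.51.100.10.1900: UDP, length 512
12:00:00.000300 IP 203.0.113.9.53 > 198.51.100.10.33001: UDP, length 468
12:00:00.000450 IP 203.0.113.5.53 > 198.51.100.10.8080: UDP, length 512
12:00:00.000600 IP 192.0.2.77.51515 > 198.51.100.10.80: tcp 0
12:00:00.000750 IP 203.0.113.9.53 > 198.51.100.10.6000: UDP, length 468
EOF
}

# Per UDP source (IPv4 only): packets, bytes, distinct destination ports,
# and whether every packet came from one fixed source port.
udp_sources() {
  awk '
    $2 == "IP" && $6 == "UDP," {
      dst = $5; sub(/:$/, "", dst)             # strip trailing colon
      n = split($3, s, "."); sport = s[n]      # last dotted field is the port
      m = split(dst, d, "."); dport = d[m]
      ip = s[1] "." s[2] "." s[3] "." s[4]
      pk[ip]++; by[ip] += $8                   # $8 is the UDP payload length
      if (!((ip, sport) in sp)) { sp[ip, sport] = 1; nsp[ip]++; last[ip] = sport }
      if (!((ip, dport) in dp)) { dp[ip, dport] = 1; ndp[ip]++ }
    }
    END {
      for (ip in pk) {
        # One source port and several destination ports: a rule that should
        # match this traffic has to test the source port (--sport), because
        # the destination port (--dport) differs from packet to packet.
        hint = (nsp[ip] == 1 && ndp[ip] > 1) ? "fixed-sport=" last[ip] : "mixed"
        printf "%s packets=%d bytes=%d dports=%d %s\n", ip, pk[ip], by[ip], ndp[ip], hint
      }
    }' | LC_ALL=C sort
}

sample_capture | udp_sources
```

The per-source byte totals are the figures to hand to the upstream provider when asking for a block at their edge.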