N00b question

But say I had a dedicated server with two IP addresses, and the software (we'll just use Apache as an example) was using both IP addresses to serve content. In the event of a DoS attack on one of the IP addresses, could I just use something like iptables to null route/drop all incoming connections on one of the two IP addresses, effectively rendering the attack useless and still serving the users?

3 Answers


The attacker could then just start attacking the other IP as well if they weren't already doing so. You might block some unsophisticated attacks, but not anyone who's even moderately determined.

If your goal is to prevent DoS and not DDoS, you can look into using mod_qos or iptables to limit total concurrent connections from a single IP. You can also check out mod_evasive, which offers a degree of DDoS protection.

sa289
  • 1,418
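As an added illustration of the two measures discussed in the question and this answer (not part of the original post), the following script emits the iptables rules for per-source connection limiting and for dropping everything aimed at one of the server's addresses. The port, limit and the 192.0.2.10 address are constructed placeholders; it assumes a Linux host with iptables and the xt_connlimit module.

```shell
#!/bin/sh
# Added example, not from the original answer. Prints the rules for review;
# executes them only when APPLY=1, so it is safe to run as a dry run.
# Addresses and limits below are constructed placeholders.

APPLY="${APPLY:-0}"   # 0 = print rules only, 1 = actually call iptables

run_rule() {
    # Echo the rule so it can be reviewed; execute only when APPLY=1.
    echo "iptables $*"
    [ "$APPLY" = "1" ] && iptables "$@"
    return 0
}

# Limit each /32 source to at most $2 concurrent connections on TCP port $1.
# New SYNs above the limit are answered with a TCP RST; rejecting rather than
# dropping lets legitimate clients fail fast instead of hanging on retries.
connlimit_rules() {
    port="$1"; limit="$2"
    run_rule -A INPUT -p tcp --syn --dport "$port" \
        -m connlimit --connlimit-above "$limit" --connlimit-mask 32 \
        -j REJECT --reject-with tcp-reset
}

# Discard all inbound traffic to one of the server's own addresses ($1).
# This only shields Apache: the packets have already crossed the uplink, so
# it does nothing for a volumetric (bandwidth) flood.
drop_to_address() {
    run_rule -I INPUT 1 -d "$1" -j DROP
}

connlimit_rules 80 20          # constructed: port 80, 20 connections per source
drop_to_address 192.0.2.10     # constructed: the attacked second address
```

Run with `APPLY=1` as root to install the rules; without it the script only prints them.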

This is my first post, so bear with me.

Depending on the severity of the attack and the determination of the attacker you can slow them down, but never think of "stopping" them; an attack can be slowed down but not stopped.

iptables is a good solution. Depending on the source traffic to your website, I always use country restrictions if I'm not willing to deal with unwanted traffic from problematic countries. I do that on all network equipment, depending on the country and target audience.

HTH

EEAA
  • 110,608

No, you cannot prevent a DDoS attack that way.

By the time the packets reach your server they have already consumed capacity on the saturated link. Dropping a packet with iptables is not going to give you back the link-time which has already been used.

In order for a measure against a DDoS attack to be effective it has to block packets before they enter the saturated link.

The different IP addresses could (depending on provider) help you in a different way. The router sending packets down the saturated link might be configured to share capacity evenly among destination IP addresses. If that is the case a DDoS attack against one IP address will only have minor impact on the other.

But if an attacker knows both IP addresses, the attacker can easily share the attack traffic evenly across those two IP addresses.

kasperd
  • 31,086