1

I'm being attacked by 37.59.4.76. It's sending me a great amount of data, which is destroying my data plan.

I've added the iptables rules:

Chain            num   pkts bytes target     prot opt in     out     source               destination         
DENYIN           400      0     0 DROP       all  --  !lo    *       37.59.4.76           0.0.0.0/0           
DENYOUT          216      0     0 DROP       all  --  *      !lo     0.0.0.0/0            37.59.4.76
PREROUTING       439      0     0 REDIRECT   tcp  --  !lo    *       37.59.4.76           0.0.0.0/0           multiport dports 80,2082,2095 redir ports 8888
PREROUTING       440      0     0 REDIRECT   tcp  --  !lo    *       37.59.4.76           0.0.0.0/0           multiport dports 21 redir ports 8889

Even after a restart, the connection still persists.

 PID USER     PROGRAM                                  SENT      RECEIVED       
  ?  root     37.59.4.76:31108-62.212.77.240:39583     0.000     31.219 KB/sec

What can I do to counter this attack?

Hedam

2 Answers

1

I don't know your iptables command but normally something like this:

iptables -A INPUT -s 37.59.4.76 -j DROP

René Höhle

1

If it's destroying your data plan, you have to work with your provider. There is nothing a firewall can do, as your provider sees the traffic coming to you anyway. If it hasn't sent anything back, that tells me your firewall is probably working, as it's dropping the packets and not sending back a reject or such.

So yeah, work with your provider. Give them logs and tell them what is happening.

Mike
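
Added example, not part of either answer: one way to turn firewall logs into the per-flow packet and byte totals a provider's abuse desk can act on. It assumes an iptables LOG rule with the hypothetical prefix "ABUSE: " placed ahead of the DROP rule; the sample log lines, protocol and function names are constructed for illustration.

```python
import re

# Constructed sample: kernel log lines as an iptables LOG rule writes them, e.g.
#   iptables -I INPUT -s 37.59.4.76 -j LOG --log-prefix "ABUSE: "
# inserted ahead of the DROP rule. Lines are shortened; protocol, times and sizes are made up.
SAMPLE_LOG = """\
Mar  3 10:15:01 host kernel: ABUSE: IN=eth0 OUT= SRC=37.59.4.76 DST=62.212.77.240 LEN=1428 TOS=0x00 TTL=52 ID=0 DF PROTO=UDP SPT=31108 DPT=39583 LEN=1408
Mar  3 10:15:01 host kernel: ABUSE: IN=eth0 OUT= SRC=37.59.4.76 DST=62.212.77.240 LEN=1428 TOS=0x00 TTL=52 ID=0 DF PROTO=UDP SPT=31108 DPT=39583 LEN=1408
Mar  3 10:15:02 host kernel: eth0: link up
Mar  3 10:15:04 host kernel: ABUSE: IN=eth0 OUT= SRC=37.59.4.76 DST=62.212.77.240 LEN=60 TOS=0x00 TTL=52 ID=4711 DF PROTO=TCP SPT=40000 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0
"""
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")

def parse_line(line, prefix="ABUSE: "):
    """Return the KEY=value fields of one LOG line, or None if the line is not ours."""
    head, sep, body = line.partition(prefix)
    if not sep:
        return None
    fields = {}
    for key, value in FIELD.findall(body):
        fields.setdefault(key, value)   # first LEN= is the IP length; UDP repeats LEN=
    if "SRC" not in fields or not fields.get("LEN", "").isdigit():
        return None
    fields["TIME"] = head[:15]          # syslog timestamp, e.g. "Mar  3 10:15:01"
    return fields

def summarise(text, prefix="ABUSE: "):
    """Group logged packets by flow and total the packets and bytes that arrived."""
    flows = {}
    for line in text.splitlines():
        f = parse_line(line, prefix)
        if f is None:
            continue
        key = (f["SRC"], f["DST"], f.get("PROTO", "?"), f.get("SPT", "-"), f.get("DPT", "-"))
        flow = flows.setdefault(key, {"packets": 0, "bytes": 0, "first": f["TIME"]})
        flow["packets"] += 1
        flow["bytes"] += int(f["LEN"])
        flow["last"] = f["TIME"]
    return flows

def report(flows):
    """One line per flow, ready to paste into an abuse ticket."""
    return "\n".join(
        f"{src}:{spt} -> {dst}:{dpt} {proto} packets={v['packets']} bytes={v['bytes']} "
        f"first='{v['first']}' last='{v['last']}'"
        for (src, dst, proto, spt, dpt), v in flows.items())

if __name__ == "__main__":
    print(report(summarise(SAMPLE_LOG)))
```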