Logging incoming IP addresses on a specific port

0

I've tried tcpflow and iptables but I'm unable to do so.

I believe someone is attempting to DDOS my open port which is a server, so that my clients are unable to connect. From tcpflow I'm able to get the data which is transmitted and it seems to be simply spam. I want to find the IP address that's doing this so that I may block it.

I've tried:

netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n 

This shows me the IP and number of connections, but I'm still unable to find what I need.

GangsTaRun

Posted 2013-07-10T09:49:09.243

Reputation: 1

If somebody is performing a DDOS attack against you, the last thing you want to do is record junk data and fill up your system disk with garbage. Have you talked to your hosting provider on ways to mitigate the damage? – Ramhound – 2013-07-10T10:45:40.497

If someone is DDOSing you, you won't find an IP address, you will find hundreds. That is the definition of Distributed Denial of Service. Like @Ramhound said - make sure you talk to your ISP to mitigate the damage. – prateek61 – 2013-07-10T12:06:25.063

Actually, they are flooding my port, say 7887, and the server is too busy replying to them. Is there any way I can restrict the number of incoming requests on port 7887/tcp, like 4 requests per second? – GangsTaRun – 2013-07-10T13:47:25.473

@GangsTaRun - Have you talked to your provider? They have the ability to do what you want; DDOS-based protection software is not very effective. It does exist, it just functions in a way where it wouldn't create multiple sessions for the same IP address. – Ramhound – 2013-07-10T15:53:10.940

Answers

0

Try something like this:

iptables -A INPUT -p tcp --dport 7887 -m state --state NEW -m limit --limit 50/minute --limit-burst 200 -j ACCEPT

...and read Prevent DOS with iptables for more details

september

Posted 2013-07-10T09:49:09.243

Reputation: 529
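An added example, not part of the answer above: a shell script that pairs the rate-limited ACCEPT with a rate-limited LOG and a DROP, so connection attempts above the limit are actually refused and their source addresses land in the kernel log, plus a small parser that summarises those logged addresses (the question's original goal). Port 7887 comes from the question; the log prefix, the `apply` argument and the sample kernel-log lines (documentation IP ranges) are assumptions / constructed data.

```shell
#!/bin/sh
# Added example (not from the original post). Rate-limit NEW TCP connections to
# one port, log the excess at a bounded rate, drop it, and summarise logged SRCs.
PORT="${PORT:-7887}"            # port from the question
PREFIX="PORT${PORT}-FLOOD: "    # assumed log prefix (iptables allows <= 29 chars)

# Print the iptables commands. A lone ACCEPT-with-limit rule does nothing on its
# own; the LOG (itself rate-limited so the disk is not filled with junk) and the
# DROP that follow are what refuse the excess and record where it came from.
rate_limit_rules() {
    cat <<EOF
iptables -A INPUT -p tcp --dport $PORT -m state --state NEW -m limit --limit 50/minute --limit-burst 200 -j ACCEPT
iptables -A INPUT -p tcp --dport $PORT -m state --state NEW -m limit --limit 5/minute -j LOG --log-prefix "$PREFIX" --log-level 4
iptables -A INPUT -p tcp --dport $PORT -m state --state NEW -j DROP
EOF
}

# Read kernel log lines on stdin (e.g. from journalctl -k or /var/log/kern.log),
# keep only lines with our prefix, and print "count ip", most frequent first.
top_sources() {
    grep -F "$PREFIX" | grep -o 'SRC=[0-9.]*' | cut -d= -f2 \
        | sort | uniq -c | sort -rn | awk '{print $1, $2}'
}

# Constructed sample log lines standing in for real kernel output.
SAMPLE_LOG='Jul 10 10:45:01 host kernel: PORT7887-FLOOD: IN=eth0 OUT= SRC=203.0.113.5 DST=198.51.100.2 PROTO=TCP SPT=40001 DPT=7887 SYN
Jul 10 10:45:01 host kernel: PORT7887-FLOOD: IN=eth0 OUT= SRC=203.0.113.5 DST=198.51.100.2 PROTO=TCP SPT=40002 DPT=7887 SYN
Jul 10 10:45:02 host kernel: PORT7887-FLOOD: IN=eth0 OUT= SRC=192.0.2.77 DST=198.51.100.2 PROTO=TCP SPT=51000 DPT=7887 SYN
Jul 10 10:45:02 host kernel: OTHER-RULE: IN=eth0 OUT= SRC=192.0.2.99 DST=198.51.100.2 PROTO=TCP SPT=51001 DPT=22 SYN
Jul 10 10:45:03 host kernel: PORT7887-FLOOD: IN=eth0 OUT= SRC=203.0.113.5 DST=198.51.100.2 PROTO=TCP SPT=40003 DPT=7887 SYN'

# Usage: sh ratelimit.sh apply   -> installs the rules (needs root)
#        sh ratelimit.sh         -> prints the rules and the sample summary
if [ "${1:-}" = "apply" ]; then
    rate_limit_rules | sh
else
    rate_limit_rules
    printf '%s\n' "$SAMPLE_LOG" | top_sources
fi
```

On the sample data the summary is `3 203.0.113.5` then `1 192.0.2.77`; the unrelated `OTHER-RULE` line is ignored because it lacks the prefix.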