How to stop DDOS attacks

  • Limiting the ammount of concurrent connections from the same IP address to your Server.
  • Identifying the offending IP.
  • And kill the Ongoing TCP Connections with TCPKILL.
  • Or use Cutter to kill the connections on any port/Network interface.
  • Drop it With Iptables.
  • Make the DROP Persistant after a reboot. (iptables save and restore)
  • Basic Iptables-save trouble shoot.
  • Stop Start Iptables

How to limit the amount of concurrent connections from the same IP address.

This will prevent the simpler DDOS attacks.

$ iptables -I INPUT -p tcp --dport 80 -i eth0 -m state --state NEW -m recent --set
$ iptables -I INPUT -p tcp --dport 80 -i eth0 -m state --state NEW -m recent --update --seconds 60 --hitcount 10 -j DROP
$ iptables-save >/etc/iptables.up.rules

 How to identify the IP that is attacking you

Issue the following command

$ netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

It will show a list of the current active connections by IP address and the offending IP is usually the one with a high number of connections:

1 Address
1 servers)

In the example above the first number is the number of connections followed by the Originating IP address, the results of the netstat command used are sorted by number of connections so your offender is usually at the end, (note that there maybe several offending IPs most of the times from anonymous proxies)
In this case the offending IP is the one with 132 connections.

How to reset iptables to default settings

Step 1 : Set accept all policy to all connections

Using below set of command you will set accept rule for all type of connections.

# iptables -P INPUT ACCEPT
# iptables -P OUTPUT ACCEPT
# iptables -P FORWARD ACCEPT

Step 2 : Delete all existing rules.

Using below set of commands, delete your currently configured rules from iptables.

# iptables -F INPUT
# iptables -F OUTPUT
# iptables -F FORWARD

Or you can do it in single command –

# iptables -F

Leave a Reply