We've been getting hit by 217.34.101.120 for the last 3 hours. I added the IP to the block list in iptables. We've got about 20Kb incoming per second. This attack is on all three of the additional IP's that we got this week (one of which doesn't even have a domain associated to it yet).

I'm new to iptables, so would someone please verify that I've added the offender to be blocked on all ports & adaptors?

target       prot opt in     out     source               destination         
DROP         all  --  any    any     host217-34-101-120.in-addr.btopenworld.com  anywhere 

Besides blocking the IP with iptables, is there anything else I can do to minimize the effect of this attack ... or even stop it completely?

Any guidance would be greatly appreciated.

Thanks,
James

Yes, send an email to abuse@btopenworld.com with your logs.

Thanks - I've already done that and filled out their web form to report the issue.

Technically, since it's from a single IP it's a DoS (denial of service) attack.

DDoS is DISTRIBUTED, and with just one IP it's not that.

_________________
Either provide enough details for people to help, or sit back and listen to the crickets chirp.
Security thru obscurity is a myth - and really really annoying.

Thanks ... I've corrected the subject line.

Linode doesn't charge for incoming bandwidth, so with a 20 kilobit attack, dropping it with iptables will have completely mitigated the attack. You've notified btopenworld, you've done all you should have.