Linode Forum
https://forum.linode.com/

DoS Attack from 217.34.101.120
https://forum.linode.com/viewtopic.php?f=19&t=9176

Author:  Main Street James [ Sun Jul 22, 2012 12:56 pm ]
Post subject:  DoS Attack from 217.34.101.120

We've been getting hit by 217.34.101.120 for the last 3 hours. I added the IP to the block list in iptables. We've got about 20Kb incoming per second. This attack is on all three of the additional IPs that we got this week (one of which doesn't even have a domain associated to it yet).

I'm new to iptables, so would someone please verify that I've added the offender to be blocked on all ports & adaptors?
Code:
target       prot opt in     out     source               destination         
DROP         all  --  any    any     host217-34-101-120.in-addr.btopenworld.com  anywhere


Besides blocking the IP with iptables, is there anything else I can do to minimize the effect of this attack ... or even stop it completely?

Any guidance would be greatly appreciated.

Thanks,
James

Author:  bacon [ Sun Jul 22, 2012 1:00 pm ]
Post subject:  Re: DDoS Attack from 217.34.101.120

Yes, send an email to abuse@btopenworld.com with your logs.

Author:  Main Street James [ Sun Jul 22, 2012 1:13 pm ]
Post subject:  Re: DoS Attack from 217.34.101.120

bacon wrote:
Yes, send an email to abuse@btopenworld.com with your logs.

Thanks - I've already done that and filled out their web form to report the issue.

Author:  vonskippy [ Sun Jul 22, 2012 1:17 pm ]
Post subject:  Re: DDoS Attack from 217.34.101.120

Technically, since it's from a single IP it's a DoS (denial of service) attack.

DDoS is DISTRIBUTED, and with just one IP it's not that.

Author:  Main Street James [ Sun Jul 22, 2012 1:50 pm ]
Post subject:  Re: DoS Attack from 217.34.101.120

vonskippy wrote:
Technically, since it's from a single IP it's a DoS (denial of service) attack.

DDoS is DISTRIBUTED, and with just one IP it's not that.

Thanks ... I've corrected the subject line.

Author:  Guspaz [ Mon Jul 23, 2012 10:16 am ]
Post subject:  Re: DoS Attack from 217.34.101.120

Linode doesn't charge for incoming bandwidth, so with a 20 kilobit attack, dropping it with iptables will have completely mitigated the attack. You've notified btopenworld, you've done all you should have.
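
An added example, not part of any post in this thread: one way to check the question asked at the top (does the DROP rule cover every protocol, port and interface, and is it reached before any ACCEPT rule?) from the text of `iptables -L INPUT -n -v`. The function names and the sample listings are constructed for illustration; it assumes IPv4 and numeric (`-n`) output.

```python
import ipaddress

ANY_IF = {"*", "any"}                 # "*" with -n, "any" without
ANY_NET = {"0.0.0.0/0", "anywhere"}

def parse_rules(listing):
    """Yield rules from `iptables -L INPUT -n -v` output, in chain order."""
    for line in listing.splitlines():
        f = line.split()
        # Rule rows begin with the pkts/bytes counters; skip header lines.
        if len(f) < 9 or not f[0][0].isdigit():
            continue
        yield {"target": f[2], "prot": f[3], "in": f[5], "out": f[6],
               "src": f[7], "dst": f[8], "extra": " ".join(f[9:])}

def covers(net, ip):
    """True if the rule's source column includes ip."""
    net = "0.0.0.0/0" if net in ANY_NET else net
    try:
        return ipaddress.ip_address(ip) in ipaddress.ip_network(net, strict=False)
    except ValueError:
        # Hostname or negated ("!") source: not handled, treated as no match.
        return False

def check_block(listing, ip):
    """Return (verdict, rule_number) for packets from ip entering the chain."""
    for n, r in enumerate(parse_rules(listing), 1):
        if not covers(r["src"], ip) or r["in"] == "lo":
            continue  # rule cannot match remote traffic from ip
        if r["target"] == "ACCEPT":
            return ("accepted-first", n)  # evaluated before any later DROP
        if (r["target"] == "DROP" and r["prot"] == "all" and not r["extra"]
                and r["in"] in ANY_IF and r["out"] in ANY_IF
                and r["dst"] in ANY_NET):
            return ("blocked", n)  # all protocols, ports and interfaces
    return ("not-blocked", None)

# Constructed sample listings (counters invented; the IP is the one in the thread).
HEADER = ("Chain INPUT (policy ACCEPT 0 packets, 0 bytes)\n"
          " pkts bytes target prot opt in out source destination\n")
DROP = " 9120  547K DROP   all -- * * 217.34.101.120 0.0.0.0/0\n"
WEB = "  310 24800 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80\n"

if __name__ == "__main__":
    print(check_block(HEADER + DROP + WEB, "217.34.101.120"))
    print(check_block(HEADER + WEB + DROP, "217.34.101.120"))
```

A verdict of "accepted-first" means an earlier ACCEPT rule can match packets from that address, so the DROP rule should be inserted above it rather than appended.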

All times are UTC-04:00