Hello.

I have some Linux Redhat FC3 Servers. But they're getting a lot of attacks such as DDOS and something like it. I couldn't find a real solution yet, but i want to block attacker's IPs using firewall.

But i dont know how to detect attackers IPs. Is there something which can log IPs of attackers.

Thanks.

Hi,
Do you think the attacker is launching attack from one or two machines only ???
DOS attacks are no more effective.
They must be launching DDos attack and in that case they use lots of machine (already hacked) to attack the new machine.
Its hard to have their IP's b'coz there attack won't be completing the 3-way-handshake.
Two steps could be followed to cope up with this problem.

1. reduce the time period for which your machine waits for the completion of connection with other machines.
2. increase the 'queue' size so that your machine can have big buffer to store information of the new connections (which are half competed).

I don't know how to do the above mentioned things.....use google for that.

regards

You might want to explain this question a little better. Why do the servers have ports open to the internet? WebServers? You need to check you access logs.

What makes you think you are getting DDOS'd?

If you are getting DDoS'd you need to call your ISP. You can drop packets at your router/firewall, but that will still kill your bandwidth.


Soule