Originally Posted by crime
I have some Linux Redhat FC3 servers, but they're getting a lot of attacks such as DDoS and something like it. I couldn't find a real solution yet, but I want to block attackers' IPs using a firewall.
But I don't know how to detect attackers' IPs. Is there something which can log the IPs of attackers?
Do you think the attacker is launching the attack from one or two machines only?
DoS attacks are no longer effective.
They must be launching a DDoS attack, and in that case they use lots of machines (already hacked) to attack the new machine.
It's hard to get their IPs because their attack won't be completing the 3-way handshake.
Two steps could be followed to cope with this problem.
1. Reduce the time period for which your machine waits for the completion of a connection with other machines.
2. Increase the 'queue' size so that your machine can have a big buffer to store information about the new connections (which are half completed).
I don't know how to do the above-mentioned things... use Google for that.
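An added example, not part of the original posts: a shell function that counts half-open (SYN_RECV) connections per remote address from `/proc/net/tcp`-format input, which is where a flood that never completes the 3-way handshake shows up on a Linux server. The sample table and its addresses are constructed, and the two sysctl names in the comments are the standard Linux settings assumed to correspond to steps 1 and 2 above.

```shell
#!/bin/sh
# Added example. Step 1 (shorter wait) maps to net.ipv4.tcp_synack_retries,
# step 2 (bigger queue) to net.ipv4.tcp_max_syn_backlog; inspect both with:
#   sysctl net.ipv4.tcp_synack_retries net.ipv4.tcp_max_syn_backlog
# Sources seen in SYN_RECV may be forged, so treat the counts as a symptom.

# Read /proc/net/tcp-format text on stdin, print "<count> <remote IPv4>".
half_open_by_ip() {
    awk '
    function hex2dec(h,   i, n) {
        n = 0
        h = toupper(h)
        for (i = 1; i <= length(h); i++)
            n = n * 16 + index("0123456789ABCDEF", substr(h, i, 1)) - 1
        return n
    }
    # Addresses are stored as little-endian hex on x86, so reverse the bytes.
    function ip(h,   a, b, c, d) {
        a = hex2dec(substr(h, 7, 2)); b = hex2dec(substr(h, 5, 2))
        c = hex2dec(substr(h, 3, 2)); d = hex2dec(substr(h, 1, 2))
        return a "." b "." c "." d
    }
    # Column 4 is the socket state; 03 is SYN_RECV (handshake not completed).
    $4 == "03" { split($3, r, ":"); count[ip(r[1])]++ }
    END { for (addr in count) print count[addr], addr }
    ' | sort -rn
}

# Constructed sample in /proc/net/tcp layout (trailing columns omitted).
sample_proc_net_tcp() {
cat <<'EOF'
  sl  local_address rem_address   st
   0: 00000000:0050 00000000:0000 0A
   1: 0A0200C0:0050 057100CB:C001 03
   2: 0A0200C0:0050 057100CB:C002 03
   3: 0A0200C0:0050 057100CB:C003 03
   4: 0A0200C0:0050 076433C6:D001 03
   5: 0A0200C0:0050 076433C6:D002 01
EOF
}

# Demo on the sample; on a live host use: half_open_by_ip < /proc/net/tcp
sample_proc_net_tcp | half_open_by_ip
```
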