Hello there,

I want to know what are the ways to monitorize and control/stop flooding on my server, because I am heavily flooded. At this moment I am doing all this manually (when I see that my bandwidth is lowering or some applications are freezing), my main working tool being iptables.But I want something automated .
Another problem : if I am flooded with packets having real ip addresses , with a simple iptables command I cand resolve the problem easily. But, the problem is, in most of the cases, I am flooded with packets with spoofed ip adresses (e.g. 1.2.3.4 ), so the only thing I can do in this situation is to block all incoming packets (which ruins everything).Do you have a solution to this ?
The flood monitorizing (and controlling) tool may be with/without interface, only to be effective.

Thanx,
Adrian

Woah, hold on a second buzz lightyear. What exactly is happening?

First of all, do a "tail -f /var/log/messages" to monitor everything.
If thats not where iptables logs to, then change accordingly.
Secondly, what kind of internet service do you have? If anything, you most likely have a dynamic setup. Poweroff your router for 10-15 minutes and plug that sh*t back in, and hopefully you have a new IP address from your service provider. If not, contact your provider and tell them what type of attacks you have coming in. If you can't do that, then something is definitely going on that you are not telling us about.

0 members found this post helpful.