Find the IPs that have established a connection with the server
(The following command is the better way to get the IPs, as it sorts them
by number of connections.)
Quote:
# netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
Block them using IPTABLES
Quote:
# iptables -I INPUT -s XXX.XXX.XXX.XXX -j DROP
# service iptables save
# service iptables restart
Where XXX.XXX.XXX.XXX is the target IP to be blocked.
Block them on CSF too
Quote:
# vi /etc/csf/csf.deny
<Add the IPs at the end>
:wq!
With the above steps, a DDoS can be dropped to some extent.
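
The steps above as a reviewable dry run, added here as an example that is not part of the original post: it counts connections per remote IPv4 address, skips header lines, IPv6 rows and allowlisted hosts, and prints the iptables command instead of running it. The function names, the threshold, the allowlist and the sample netstat output are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in the layout `netstat -ntu` prints on Linux.
SAMPLE='Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 203.0.113.10:80         198.51.100.7:51234      ESTABLISHED
tcp        0      0 203.0.113.10:80         198.51.100.7:51235      ESTABLISHED
tcp        0      0 203.0.113.10:80         198.51.100.7:51236      SYN_RECV
tcp        0      0 203.0.113.10:22         192.0.2.44:40022        ESTABLISHED
tcp        0      0 203.0.113.10:22         192.0.2.44:40023        ESTABLISHED
tcp        0      0 127.0.0.1:3306          127.0.0.1:45678         ESTABLISHED
tcp6       0      0 2001:db8::10:443        2001:db8::99:50000      ESTABLISHED
udp        0      0 203.0.113.10:53         198.51.100.9:5353       ESTABLISHED'

# heavy_hitters THRESHOLD [ALLOWLISTED_IP...]   (netstat output on stdin)
# Prints "COUNT IP", highest first, for each remote IPv4 address that has
# at least THRESHOLD connections. 127.0.0.1 is always allowlisted.
heavy_hitters() {
    threshold=$1
    shift
    allow=" 127.0.0.1 $* "
    awk -v min="$threshold" -v allow="$allow" '
        $1 !~ /^(tcp|udp)$/ { next }            # skip headers and tcp6/udp6 rows
        {
            ip = $5
            sub(/:[0-9*]+$/, "", ip)            # strip the :port suffix
            if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
            if (index(allow, " " ip " ")) next  # never list an allowlisted host
            count[ip]++
        }
        END { for (ip in count) if (count[ip] >= min) print count[ip], ip }
    ' | sort -rn
}

# block_commands: turn "COUNT IP" lines into iptables commands for review.
block_commands() {
    while read -r count ip; do
        printf 'iptables -I INPUT -s %s -j DROP\n' "$ip"
    done
}

# Dry run on the sample; on a live host pipe `netstat -ntu` in instead,
# passing your own admin and monitoring addresses as the allowlist.
printf '%s\n' "$SAMPLE" | heavy_hitters 2 192.0.2.44 | block_commands
```

Review the printed commands before running any of them: a NAT gateway, proxy or CDN edge can legitimately hold many connections from one address.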