Find the IPs that have established a connection with the server
(The following command is the better one to get the IPs, as it sorts the IPs
according to the number of connections.)
# netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
Block them using IPTABLES
# iptables -I INPUT -s XXX.XXX.XXX.XXX -j DROP
Where XXX.XXX.XXX.XXX is the target IP to be blocked
# service iptables save
# service iptables restart
Block them on CSF too
# vi /etc/csf/csf.deny
<Add the IPs at the end>
:wq!
# csf -r
With the above steps, a DDoS can be dropped to some extent.
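
An added example (not part of the original page): a POSIX shell helper for the first two steps that counts connections per remote IP from `netstat -ntu` output, skipping the header lines and unwrapping IPv4-mapped `::ffff:` addresses (which `cut -d: -f1` reduces to an empty string), and leaves out allowlisted addresses so that localhost or your own admin IP is never proposed for blocking. The function names, the threshold and the sample addresses are assumptions constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `netstat -ntu` output (documentation-range addresses).
sample_netstat() {
cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:80           203.0.113.5:51514       ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.5:51515       ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.5:51516       SYN_RECV
tcp6       0      0 ::ffff:192.0.2.10:80    ::ffff:203.0.113.5:4002 ESTABLISHED
tcp        0      0 192.0.2.10:443          198.51.100.7:40100      ESTABLISHED
tcp        0      0 192.0.2.10:443          198.51.100.7:40101      ESTABLISHED
tcp        0      0 192.0.2.10:443          198.51.100.7:40102      TIME_WAIT
tcp        0      0 127.0.0.1:3306          127.0.0.1:55000         ESTABLISHED
tcp        0      0 127.0.0.1:3306          127.0.0.1:55001         ESTABLISHED
tcp        0      0 127.0.0.1:3306          127.0.0.1:55002         ESTABLISHED
tcp        0      0 192.0.2.10:22           192.0.2.99:60022        ESTABLISHED
tcp6       0      0 2001:db8::10:443        2001:db8::1:50000       ESTABLISHED
EOF
}

# top_talkers THRESHOLD [ALLOW_IP...]
# Reads `netstat -ntu` output on stdin and prints "count ip", highest first,
# for every remote IP with at least THRESHOLD connections that is not allowlisted.
top_talkers() {
    threshold=$1; shift
    allow=" $* "
    awk -v min="$threshold" -v allow="$allow" '
        $1 ~ /^(tcp|udp)/ {                   # skip the two header lines
            addr = $5
            sub(/:[0-9*]+$/, "", addr)        # strip the port, keep IPv6 colons
            sub(/^::ffff:/, "", addr)         # unwrap IPv4-mapped IPv6
            if (index(allow, " " addr " ") == 0) count[addr]++
        }
        END { for (ip in count) if (count[ip] >= min) print count[ip], ip }
    ' | sort -rn
}

# Print (do not run) the iptables rule from the step above for each listed IP,
# so the list can be reviewed before anything is blocked.
block_cmds() {
    while read -r _count ip; do
        printf 'iptables -I INPUT -s %s -j DROP\n' "$ip"
    done
}
```

On a live server: `netstat -ntu | top_talkers 20 127.0.0.1 | block_cmds`, then review the printed rules before running them.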