DoS Prevention on a Dedicated Server

December 23, 2008

This is a quick how-to on preventing, or even counteracting, a DoS attack on your Linux box. First of all, you can get the IP address of the person responsible with:

Code:
/bin/netstat -anp | grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

This displays a list of IP addresses with the number of connections each has made to the box. Take the IP address of the one with a lot of connections to the box and do the following to it:

Code:
iptables -I INPUT 1 -s IP_Address -j DROP

Here we blocked all of its connections to the box, regardless of protocol type (tcp, udp, icmp).

Another way, which plays with the attacker and fools him, is to use a null route. Just do the following:

Code:
route add IP_Address gw 127.0.0.1 lo

Also, you can go for a bandwidth-shaping solution, or let's say bandwidth control, like this:

Code:
iptables -A INPUT -p tcp --syn -m limit --limit 1/s --limit-burst 8 -j ACCEPT

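Note that this rule only accepts SYN packets that fall within the limit. Packets over the limit do not match it and continue to the next rule, so they are actually limited only if a later rule or the chain's policy drops them.

All of these methods make DoS attacks on your Linux box harder to carry out, but they will not prevent all types of DoS attacks.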
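The counting pipeline at the top cuts at the first ':' in the address, which truncates IPv6 peers and also counts listening sockets as 0.0.0.0. The following is an added example, not part of the original post: a shell function (the name top_talkers, the threshold argument and the sample data are constructed for illustration) that reads `netstat -an` output, strips only the trailing port, skips wildcard entries, and lists peers at or above a connection threshold.

```shell
#!/bin/sh
# Added example: count connections per remote peer from `netstat -an` output.
# Usage on a live box: netstat -an | top_talkers 20

# top_talkers MIN: read netstat output on stdin, print "count peer" for every
# remote address with at least MIN connections, busiest first.
top_talkers() {
    awk -v min="${1:-1}" '
        $1 ~ /^(tcp|udp)/ {
            peer = $5
            sub(/:[^:]*$/, "", peer)   # drop only the trailing :port, keep IPv6 colons
            # skip listening / unconnected sockets (foreign address is a wildcard)
            if (peer == "0.0.0.0" || peer == "::" || peer == "*") next
            count[peer]++
        }
        END { for (ip in count) if (count[ip] >= min + 0) print count[ip], ip }
    ' | sort -rn
}

# Constructed sample in netstat -an layout (documentation address ranges only).
sample_netstat() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp6       0      0 :::80                   :::*                    LISTEN
tcp        0      0 192.0.2.10:80           203.0.113.7:51001       ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.7:51002       SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.7:51003       SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.7:51004       ESTABLISHED
tcp6       0      0 2001:db8::10:80         2001:db8::bad:40001     ESTABLISHED
tcp6       0      0 2001:db8::10:80         2001:db8::bad:40002     ESTABLISHED
tcp6       0      0 2001:db8::10:80         2001:db8::bad:40003     ESTABLISHED
tcp        0      0 192.0.2.10:22           198.51.100.23:60022     ESTABLISHED
udp        0      0 0.0.0.0:68              0.0.0.0:*
EOF
}

# Show peers with three or more connections in the constructed sample.
sample_netstat | top_talkers 3
```

The addresses it reports can be passed to the iptables or route commands above in place of IP_Address.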
