So I've exhausted all options here: iptables, etc.
But the UDP floods (spoofed IPs) keep getting through.
[root@serv888 ~]# tcpdump
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
16:17:52.504507 IP 207.46.150.153.1024 > serv888-97-**.*.net.mns-mail: UDP, length 459
16:17:52.504515 IP 23.102.174.102.1024 > serv888-97-**.*.net.23989: UDP, length 633
16:17:52.504521 IP 23.102.174.102.1024 > serv888-97-**.*.net.30898: UDP, length 676
16:17:52.504526 IP 207.46.150.153.1024 > serv888-97-**.*.net.25766: UDP, length 673
16:17:52.504531 IP 207.46.150.153.1024 > serv888-97-**.*.net.20165: UDP, length 174
It just keeps going endlessly and iptables isn't dropping the UDP attack.
Can you offer some advice on how I'd go about blocking this?
http://ift.tt/1dvHQ0Z