Meimi, You you please get into the habit of bottom posting, it also reminds you to trim redundant or unnecessary text.
You could install Portsentry and set it to block the offending Ip addresses. Ain this situation, I wouldn't be too concerned with blocking the false positives. that is spoofed source addresses, as you need the DDOS attack to stop. later you can construct some firewall rules to monitor those addresses for any reoccurance. The other solution you have is to unplug the network cable from your gateway router. That is if you have an ADSL router, unplug the router and not the network behind it. You need to make you network appear as though it has gone off line or moved ip addresses. Otherwise I'd wish you good luck (I have been through this exercise myself, it's not nice :-( ). George Patterson On Thu, 22 Apr 2004 08:21:38 +0800 "meimi" <[EMAIL PROTECTED]> wrote: > I have found some IPs are opening 10 HTTP connection. Their IPs are > changing and all IPs are from different ISP network. > What should I do next? > Thanks > Meimi > > > ----- Original Message ----- > From: "Tuc" <[EMAIL PROTECTED]> > To: "meimi" <[EMAIL PROTECTED]> > Sent: Thursday, April 22, 2004 7:29 AM > Subject: Re: being DOSed > > > > > > > > Hello, > > > The bandwidth usage for my server is tripled for 3 hours. When I > > > run "top", I find many httpd process in sbwait status. So, I > > > think someone is DOSing my server. How can I check who is DOSing > > > me? and how can I solve it? > > > Thanks > > > Meimi > > > > Quickly : > > > > netstat -an | sort | grep tcp4|more > > _______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"