You you please get into the habit of bottom posting, it also reminds you to trim 
redundant or unnecessary text.

You could install Portsentry and set it to block the offending Ip addresses. Ain this 
situation, I wouldn't be too concerned with blocking the false positives. that is 
spoofed source addresses, as you need the DDOS attack to stop. later you can construct 
some firewall rules to monitor those addresses for any reoccurance.

The other solution you have is to unplug the network cable from your gateway router. 
That is if you have an ADSL router, unplug the router and not the network behind it. 
You need to make you network appear as though it has gone off line or moved ip 

Otherwise I'd wish you good luck (I have been through this exercise myself, it's not 
nice :-( ).

George Patterson

On Thu, 22 Apr 2004 08:21:38 +0800
"meimi" <[EMAIL PROTECTED]> wrote:

> I have found some IPs are opening 10 HTTP connection. Their IPs are
> changing and all IPs are from different ISP network.
> What should I do next?
> Thanks
> Meimi
> ----- Original Message ----- 
> From: "Tuc" <[EMAIL PROTECTED]>
> To: "meimi" <[EMAIL PROTECTED]>
> Sent: Thursday, April 22, 2004 7:29 AM
> Subject: Re: being DOSed
> > >
> > > Hello,
> > >   The bandwidth usage for my server is tripled for 3 hours. When I
> > >   run "top", I find many httpd process in sbwait status. So, I
> > >   think someone is DOSing my server. How can I check who is DOSing
> > >   me? and how can I solve it?
> > > Thanks
> > > Meimi
> >
> > Quickly :
> >
> > netstat -an | sort | grep tcp4|more
> >
[EMAIL PROTECTED] mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to