This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Recently my server has been DDoSed with an attack that sends a relatively huge data transfer (10k packets, 14M of data on one conversation) when the average conversation between server & client is more like 1-100 packets, 50-5000 bytes. I'm running a Linux host and wondering if I can defend against this attack by somehow throttling connections using iptables. I've already implemented the "low hanging fruit" of DDoS defense. Any guidance appreciated!

asked 04 Jan '17, 17:31

PEMinecraft

closed 04 Jan '17, 22:22

Jaap ♦

Anyway, that's definitely not a DDoS. It could be a non-distributed DoS attack but it's certainly not a distributed one. More likely, though, it's just a long-lived connection (file transfer?) or something. I'd start by looking at the TCP ports involved.

(05 Jan '17, 05:36) JeffMorriss ♦

The question has been closed for the following reason "Question is off-topic or not relevant" by Jaap 04 Jan '17, 22:22


This is a question suitable for Super User at stackexchange, not a Wireshark question.

answered 04 Jan '17, 22:22

Jaap ♦

question asked: 04 Jan '17, 17:31

question was seen: 1,095 times

last updated: 05 Jan '17, 05:36
