Recently my server has been DDoSed with an attack that sends a relatively huge data transfer (10k packets, 14M of data in one conversation), when the average conversation between server & client is more like 1-100 packets, 50-5000 bytes. I'm running a Linux host and wondering if I can defend against this attack by somehow throttling connections using iptables. I've already implemented the "low hanging fruit" of DDoS defense. Any guidance appreciated!

asked 04 Jan '17, 17:31 PEMinecraft
closed 04 Jan '17, 22:22 Jaap ♦
The question has been closed for the following reason "Question is off-topic or not relevant" by Jaap 04 Jan '17, 22:22
One Answer:
This is a question suitable for Super User at stackexchange, not a Wireshark question.

answered 04 Jan '17, 22:22 Jaap ♦
Anyway that's definitely not a DDOS. It could be a non-distributed DoS attack but it's certainly not a distributed one. More likely, though, it's just a long-lived connection (file transfer?) or something. I'd start by looking at the TCP ports involved.