This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

[closed] Help with a DDOS Attack

0

Recently my server has been DDoSed with an attack that sends a relatively huge data transfer (10k packets, 14M of data on one conversation) when the average conversation between server & client is more like 1-100 packets, 50-5000 bytes. I'm running a Linux host and wondering if I can defend against this attack by somehow throttling connections using iptables. I've already implemented the "low hanging fruit" of DDoS defense. Any guidance appreciated!

asked 04 Jan '17, 17:31

PEMinecraft

closed 04 Jan '17, 22:22

Jaap ♦

Anyway, that's definitely not a DDoS. It could be a non-distributed DoS attack but it's certainly not a distributed one. More likely, though, it's just a long-lived connection (file transfer?) or something. I'd start by looking at the TCP ports involved.

(05 Jan '17, 05:36) JeffMorriss ♦

The question has been closed for the following reason "Question is off-topic or not relevant" by Jaap 04 Jan '17, 22:22


One Answer:

0

This is a question suitable for Super User at Stack Exchange, not a Wireshark question.

answered 04 Jan '17, 22:22

Jaap ♦