I have been receiving countless DDoS attacks the last couple of weeks. Just now I caught one while I was running iptraf. Normally 99.9% of the packets used on my server are TCP packets, and not UDP. A few are used, I see, but normally hardly any.
Now while the attack happened I noticed thousands of incoming UDP packets per second. Also tcpdump was showing this: http://pastebin.com/raw.php?i=QaybC8C1.
I run CentOS 5.6, and I only use it for nginx (80, 443), ssh (22), ftp (21). I don't run nameservers, email or anything like that.
My question is: can I block all incoming UDP traffic via iptables? Would this be effective against UDP DDoS attacks? And if I can block all UDP traffic, would this cause any problems in Linux?
Answer
- Yes, you can block UDP packets.
- It won't cause problems unless you allow incoming DNS packets for your DNS queries (related packets).
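The rule set the answer describes, written out as an added example (not code from the original question or answer). It shows the naive blanket DROP beside the corrected version that accepts replies to the host's own outgoing UDP requests (DNS lookups, and by the same mechanism NTP) through connection tracking before dropping everything else. The interface names and the log prefix are placeholders chosen here; `-m state` is used rather than `-m conntrack` because it exists on the older iptables shipped with CentOS 5 as well as on current releases.

```shell
#!/bin/sh
# Added example: generate iptables rules that drop unsolicited inbound UDP
# while still accepting replies to this host's own outgoing UDP queries.
# Assumptions: iptables with the state match is available; interface name,
# log prefix and rate limit are placeholders.

# Naive version: a single blanket DROP. Replies to the host's own resolver
# queries are also discarded, so name resolution silently breaks.
naive_udp_rules() {
    printf '%s\n' \
        'iptables -A INPUT -p udp -j DROP'
}

# Corrected version: accept loopback and already-tracked UDP flows first,
# then drop the rest. A reply to an outgoing DNS query is tracked as
# ESTABLISHED, so it is accepted before the final DROP is reached. New
# inbound UDP is logged at a low rate so a flood does not fill the log.
hardened_udp_rules() {
    printf '%s\n' \
        'iptables -A INPUT -i lo -p udp -j ACCEPT' \
        'iptables -A INPUT -p udp -m state --state ESTABLISHED,RELATED -j ACCEPT' \
        'iptables -A INPUT -p udp -m state --state NEW -m limit --limit 5/min -j LOG --log-prefix "udp-drop: "' \
        'iptables -A INPUT -p udp -j DROP'
}

# Ordering check: iptables evaluates rules top to bottom, so the
# ESTABLISHED,RELATED accept must appear before the blanket DROP.
# Takes the name of a rule-generating function; returns 0 if the order is
# right, 1 otherwise.
replies_accepted_before_drop() {
    "$1" | awk '
        /ESTABLISHED,RELATED/ && /-j ACCEPT/ { accept = NR }
        /-j DROP/ && !drop               { drop = NR }
        END {
            if (accept && (!drop || accept < drop)) exit 0
            exit 1
        }'
}

# Print the hardened rules for review; only run them when APPLY=1 is set.
apply_rules() {
    if ! replies_accepted_before_drop hardened_udp_rules; then
        echo "rule ordering is wrong, refusing to apply" >&2
        return 1
    fi
    if [ "${APPLY:-0}" = "1" ]; then
        hardened_udp_rules | sh -e
    else
        hardened_udp_rules
    fi
}

apply_rules
```

Run without arguments to see the rules; `APPLY=1 ./udp-rules.sh` installs them. The ordering check is the part worth keeping around: the answer's caveat is entirely about rule order, and a later `iptables -I INPUT -p udp -j DROP` placed above the state rule would quietly reintroduce the broken-DNS problem.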