View All Products
Compute
Storage
Networking
Databases
Services
Developer Tools
Industries
Pricing
Community
Engage With Us
Community Questions DoS Attack from 217.34.101.120
Log in to Ask a Question

DoS Attack from 217.34.101.120

networking

We've been getting hit by 217.34.101.120 for the last 3 hours. I added the IP to the block list in iptables. We've got about 20Kb incoming per second. This attack is on all three of the additional IP's that we got this week (one of which doesn't even have a domain associated to it yet).

I'm new to iptables, so would someone please verify that I've added the offender to be blocked on all ports & adaptors?

target       prot opt in     out     source               destination         
DROP         all  --  any    any     host217-34-101-120.in-addr.btopenworld.com  anywhere

Besides blocking the IP with iptables, is there anything else I can do to minimize the effect of this attack … or even stop it completely?

Any guidance would be greatly appreciated.

Thanks,

James

5 Replies

Yes, send an email to abuse@btopenworld.com with your logs.

@bacon:

Yes, send an email to abuse@btopenworld.com with your logs.
Thanks - I've already done that and filled out their web form to report the issue.

Technically, since it's from a single IP it's a DoS (denial of service) attack.

DDoS is DISTRIBUTED, and with just one IP it's not that.

@vonskippy:

Technically, since it's from a single IP it's a DoS (denial of service) attack.

DDoS is DISTRIBUTED, and with just one IP it's not that.
Thanks … I've corrected the subject line.

Linode doesn't charge for incoming bandwidth, so with a 20 kilobit attack, dropping it with iptables will have completely mitigated the attack. You've notified btopenworld, you've done all you should have.

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Log in to Reply
Community Code of Conduct