DoS Attack from 217.34.101.120

We've been getting hit by 217.34.101.120 for the last 3 hours. I added the IP to the block list in iptables. We've got about 20Kb incoming per second. This attack is on all three of the additional IPs that we got this week (one of which doesn't even have a domain associated to it yet).

I'm new to iptables, so would someone please verify that I've added the offender to be blocked on all ports & adaptors?

target       prot opt in     out     source               destination         
DROP         all  --  any    any     host217-34-101-120.in-addr.btopenworld.com  anywhere 

Besides blocking the IP with iptables, is there anything else I can do to minimize the effect of this attack … or even stop it completely?

Any guidance would be greatly appreciated.

Thanks,

James

5 Replies

Yes, send an email to [email protected] with your logs.

@bacon:

> Yes, send an email to [email protected] with your logs.

Thanks - I've already done that and filled out their web form to report the issue.

Technically, since it's from a single IP it's a DoS (denial of service) attack.

DDoS is DISTRIBUTED, and with just one IP it's not that.

@vonskippy:

> Technically, since it's from a single IP it's a DoS (denial of service) attack.
>
> DDoS is DISTRIBUTED, and with just one IP it's not that.

Thanks … I've corrected the subject line.

Linode doesn't charge for incoming bandwidth, so with a 20 kilobit attack, dropping it with iptables will have completely mitigated the attack. You've notified btopenworld, you've done all you should have.
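One way to run the check the original question asks for, as an added example that is not part of any poster's message: the function reads `iptables -S INPUT` output and reports whether 217.34.101.120 is dropped with no interface, protocol or port restriction, and whether an earlier ACCEPT rule would match first. The `check_block` name and the sample rule set are constructed for illustration; covering CIDR ranges and user-defined chains are not handled.

```shell
#!/bin/sh
# Added example. Real use (as root): iptables -S INPUT | check_block 217.34.101.120

# Constructed sample of `iptables -S INPUT` output (not taken from the thread).
SAMPLE_RULES='-P INPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -s 217.34.101.120/32 -j DROP
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT'

# check_block IP   (rules on stdin, in `iptables -S` format)
# Prints one word:
#   blocked   unrestricted DROP for IP, no earlier ACCEPT that could match it
#   shadowed  unrestricted DROP exists, but an earlier ACCEPT is evaluated first
#   partial   DROP rules for IP exist, but all are limited (interface/protocol/port)
#   missing   no DROP rule names IP as its source
check_block() {
  awk -v ip="$1" '
    $1 != "-A" || $2 != "INPUT" { next }      # skip policy lines and other chains
    {
      src = ""; target = ""; iface = ""; limited = 0
      for (i = 3; i <= NF; i++) {
        if ($i == "-s") src = $(++i)
        else if ($i == "-j") target = $(++i)
        else if ($i == "-i") { iface = $(++i); limited = 1 }
        else limited = 1                      # -p, -d, -m, --dport, "!" all narrow the match
      }
      mine = (src == (ip "/32"))
      # Rules are evaluated top to bottom: an ACCEPT above the DROP wins if it matches.
      # Loopback-only ACCEPT rules cannot match a remote source, so they are ignored.
      if (target == "ACCEPT" && iface != "lo" && (src == "" || mine) && !full) early = 1
      if (target == "DROP" && mine) {
        if (limited) part = 1
        else if (!full) { full = 1; shadow = early }
      }
    }
    END {
      if (full) print (shadow ? "shadowed" : "blocked")
      else print (part ? "partial" : "missing")
    }'
}

printf '%s\n' "$SAMPLE_RULES" | check_block 217.34.101.120
```

The listing in the question shows a hostname only because `iptables -L` does reverse DNS lookups; `iptables -L INPUT -n -v` prints the numeric address along with per-rule packet counters, which confirm the DROP rule is actually matching traffic.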
