Linux – Block an IP for UDP

Tags: iptables, linux, Ubuntu, udp

I am under UDP flood attack. I used the following protections to solve it:

iptable IP ban:

iptables -I INPUT -s 37.187.231.xxx -j DROP

Tried another iptable syntax

/sbin/iptables -I INPUT -i eth0 -s 37.187.231.xxx -j DROP

Tried to limit the UDP packets:

iptables -A INPUT -p udp -m udp --dport 0:65535 -m state --state NEW -m recent --update --seconds 1 --hitcount 10 --name UDP --rsource -j DROP 

Completely disabled UDP packets:

iptables -A INPUT -p udp -j DROP

All the ports are closed. Below is the output of – netstat -an | grep "udp"

udp        0      0 127.0.0.1:53            0.0.0.0:*
udp6       0      0 ::1:53                  :::*

I have the following software installed:

Ubuntu 14.04
UFW Firewall
i7 processor with 16GB Ram

Only port 80 is opened.

I am still being attacked by UDP flood. "sudo iftop -n" command shows heavy MBs input traffic from the IPs I have already blocked using iptables. Maybe iptables did not block the IPs? If yes then how can I fix it?

Best Answer

As I and others are telling you above, blocking traffic with iptables doesn't prevent it from reaching your server; it only stops your server from processing it. If the sheer volume of traffic is saturating your server's connection, and causing you to lose connectivity to it, you have no choice but to work with your hosting provider, to have them filter out this traffic before it reaches the pipe (virtual or physical) to your server.

If your provider is unwilling or unable to do this, then you've just found a good reason to migrate to a better provider.
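A practical way to settle the "did iptables actually block it?" question from the post is to read the rule counters with `iptables -L INPUT -v -n --line-numbers`: a DROP rule whose pkts/bytes counters keep climbing is matching, and the traffic iftop still shows is simply being counted on the interface (libpcap sees packets before netfilter drops them), which is exactly the answer's point that a local DROP cannot free up the pipe. The script below is an added example, not code from the question or answer; it parses a constructed listing (the flood source 203.0.113.45 is a placeholder from the RFC 5737 documentation range, not the address in the post) and reports whether the DROP for that source exists, has been hit, and sits before the UFW chains (a rule added with -A lands after them, so UFW's chains get the packet first).

```python
"""Check whether an iptables DROP rule is actually matching a flood source.

Added example (not from the original question or answer): it parses the
output of `iptables -L INPUT -v -n --line-numbers` and reports, per rule,
how many packets and bytes matched, plus whether a DROP for the blocked
source precedes the UFW chains.  Run with no arguments to use the
constructed sample below, or `iptables -L INPUT -v -n --line-numbers | python3 check_drop.py -`
to read a real listing from stdin.
"""
import re
import sys

# Constructed sample output of `iptables -L INPUT -v -n --line-numbers`.
# 203.0.113.45 is a placeholder flood source (RFC 5737 documentation range),
# not the masked address from the original question.
SAMPLE = """\
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1     412K  312M DROP       all  --  *      *       203.0.113.45         0.0.0.0/0
2     9887K 6712M ufw-before-logging-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0
3     9887K 6712M ufw-before-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0
4        0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpts:0:65535 state NEW recent: UPDATE seconds: 1 hit_count: 10 name: UDP side: source
"""

# iptables -v abbreviates counters in multiples of 1000; -x prints exact values.
_SUFFIX = {"": 1, "K": 1000, "M": 1000 ** 2, "G": 1000 ** 3, "T": 1000 ** 4}


def parse_counter(token):
    """Turn a counter such as '312M' (or an exact '312000000') into an int."""
    m = re.fullmatch(r"(\d+)([KMGT]?)", token)
    if not m:
        raise ValueError(f"bad counter: {token!r}")
    return int(m.group(1)) * _SUFFIX[m.group(2)]


def parse_rules(text):
    """Parse the rule lines of one chain listing into a list of dicts."""
    rules = []
    for line in text.splitlines():
        parts = line.split()
        # Skip the 'Chain ...' header and the column-name line.
        if len(parts) < 10 or not parts[0].isdigit():
            continue
        rules.append({
            "num": int(parts[0]),
            "pkts": parse_counter(parts[1]),
            "bytes": parse_counter(parts[2]),
            "target": parts[3],
            "prot": parts[4],
            "in": parts[6],
            "source": parts[8],
            "destination": parts[9],
            "extra": " ".join(parts[10:]),   # match options, e.g. the recent/hitcount text
        })
    return rules


def diagnose(rules, blocked_ip):
    """Report whether a DROP for blocked_ip exists, is being hit, and precedes UFW's chains."""
    ufw_positions = [r["num"] for r in rules if r["target"].startswith("ufw-")]
    first_ufw = min(ufw_positions) if ufw_positions else None
    drop = next((r for r in rules
                 if r["target"] == "DROP" and r["source"] == blocked_ip), None)
    return {
        "drop_rule_present": drop is not None,
        "drop_rule_hit": bool(drop and drop["pkts"] > 0),
        "dropped_bytes": drop["bytes"] if drop else 0,
        "drop_before_ufw": bool(drop and (first_ufw is None or drop["num"] < first_ufw)),
    }


if __name__ == "__main__":
    text = sys.stdin.read() if sys.argv[1:] == ["-"] else SAMPLE
    rules = parse_rules(text)
    for r in rules:
        print(f"rule {r['num']:>2}: {r['pkts']:>12,} pkts {r['bytes']:>16,} bytes"
              f" -> {r['target']} src={r['source']}")
    report = diagnose(rules, "203.0.113.45")
    for key, value in report.items():
        print(f"{key}: {value}")
    if report["drop_rule_hit"]:
        print("iptables is matching the source; if the link is still saturated, the packets "
              "are consuming bandwidth before the kernel drops them (the answer's point).")
```

Reading the sample: rule 1 has dropped 312 MB from the placeholder source, so the ban is working at the host, while rule 4 (the rate limit appended with -A) has a zero counter because it sits behind the UFW chains and, for this source, behind the earlier DROP. Rising counters on a DROP rule together with iftop still showing inbound megabytes is the signature of a flood that only upstream filtering can remove.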
