Packet flooding, is there any way to handle it

Tags: botnet, ddos, flooding, networking

My machine is being flooded with thousands of packets per second. They don't eat much bandwidth (60 Mbps out of 1 Gbit), but they damage the system a lot by consuming the CPU responsible for handling network card interrupts. ksoftirqd goes to 100% and the machine becomes almost inaccessible. How can I deal with this kind of attack, throwing a huge number of random packets? Is there any way to somehow tweak the handling of server interrupts or distribute it over other CPUs?

My network card uses NAPI; the Linux kernel is 2.6.31.5.

Best Answer

You need to contact your upstream provider and have them block, filter or otherwise prevent the packets from this DDOS from reaching you. There's really not much you can do by the time they arrive on your server.

You can try to block the source IP addresses using iptables, but likely the (computational) damage is already done by the time iptables actually looks at the packets and decides to drop them.

EDIT:

Your comment doesn't make sense to me. You have a DDOS caused by lots of packets, or specially crafted packets (or both), causing too much computational overhead due to interrupt switching. Are they coming from one or a few sources? Have your upstream provider drop packets from that source(s). Profit! If they never get to your machine, they'll never cause the problem in the first place. There's no magic you can do on the host to prevent this from happening once the packets already arrive. You need to have dropped the packets before they arrive on your machine. Contact your service provider or hosting company.
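A diagnostic for the symptom the question describes, added here as an example and not code from either poster: it parses a constructed `/proc/interrupts` snapshot to find NIC queues whose interrupts all land on a single CPU (the pattern behind one ksoftirqd at 100%), and computes the hex CPU mask in the format `/proc/irq/<N>/smp_affinity` uses. The interface name `eth0`, the IRQ numbers and the counts are all constructed sample data.

```python
"""Check whether a NIC's interrupts are concentrated on one CPU (added example)."""
from typing import Dict, List

# Constructed sample in the layout of /proc/interrupts on a 4-CPU host.
# IRQ numbers, queue names and counts are made up for illustration.
SAMPLE_INTERRUPTS = """\
           CPU0       CPU1       CPU2       CPU3
  0:        123          0          0          0   IO-APIC-edge      timer
 29:   98213411        412        388        401   PCI-MSI-edge      eth0-rx-0
 30:   22001931        120         97        110   PCI-MSI-edge      eth0-tx-0
 31:      10111      10090      10120      10077   PCI-MSI-edge      ahci
ERR:          0
"""


def parse_interrupts(text: str) -> Dict[str, List[int]]:
    """Map each IRQ's device name (last column) to its per-CPU counts."""
    lines = text.splitlines()
    ncpu = len(lines[0].split())  # header row lists one CPUn label per CPU
    table: Dict[str, List[int]] = {}
    for line in lines[1:]:
        parts = line.split()
        # Skip summary rows such as "ERR:" that carry no per-CPU columns.
        if len(parts) <= ncpu + 1 or not parts[0].endswith(":"):
            continue
        table[parts[-1]] = [int(x) for x in parts[1:1 + ncpu]]
    return table


def irq_skew(counts: List[int]) -> float:
    """Share of an IRQ's interrupts handled by its busiest CPU (1.0 = all on one CPU)."""
    total = sum(counts)
    return max(counts) / total if total else 0.0


def pinned_nic_irqs(text: str, nic: str = "eth0", threshold: float = 0.9) -> List[str]:
    """Names of the NIC's queues whose interrupts exceed `threshold` on a single CPU."""
    return [name for name, counts in parse_interrupts(text).items()
            if name.startswith(nic) and irq_skew(counts) >= threshold]


def affinity_mask(cpus: List[int]) -> str:
    """Hex bitmask of the given CPU numbers, as written to /proc/irq/<N>/smp_affinity."""
    return format(sum(1 << c for c in cpus), "x")


if __name__ == "__main__":
    for queue in pinned_nic_irqs(SAMPLE_INTERRUPTS):
        print(f"{queue}: interrupts concentrated on one CPU")
    print("mask for CPUs 1-3:", affinity_mask([1, 2, 3]))
```

On a real host, read `/proc/interrupts` twice a few seconds apart and diff the counts, since the cumulative totals hide whether the skew is current.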
