UDP Flood/DoS or What

ddosfloodingudp

Basically

I am receiving a lot of packets/data with random info on UDP protocol.
Packet has header and then a lot of XXXXXXX in it's content.

I assume it is UDP flood but it comes from different web/dedi hosting companies.
Also this basically uses up all of download speed. Upload speed stays 0-1kb/s

Is there a way to fight this?

Thanks

Best Answer

Doesn't matter if you have any UDP services running, even if you drop every UDP-packet in example iptables your RX buffer (that is, your incoming network link) will be saturated.

Try it yourself with a simple udp flood script and monitor the RX/TX buffer with iftop.

You simply have to contact your ISP to block them higher up in the chain. Either that or get a fatter line which has more capacity than the attacks.

Related Solutions

Apache DoS Protection – How to Prevent Apache DoS Flood

Consider installing a rate limiting software, it will help you to defend not only against lawful bots. You can use mod_evasive for Apache, or you can install Nginx as a frontend and use its HttpLimitZoneModule, it is built in.

Freebsd – Protecting against UDP flood

The crucial data is this here:

length 1

meaning that someone probably is trying to keep its upstream load low to provoke larger answer packets from your host. The IP source address (182.48.38.227) is probably forged and thus itself an attack victim.

If you are experiencing network congestion due to the UDP load, your only chance of mitigating the impact is to ask your upstream provider to set up a filter rule to stop these UDP packets from being forwarded to your network.

Best Answer

Related Solutions

Apache DoS Protection – How to Prevent Apache DoS Flood

Freebsd – Protecting against UDP flood

Related Topic