Is there anything else I can do to help??
I look after the infrastructure for a local charity, who run their own
mail server over a VDSL line here in Christchurch. For the last 3 hours
or so, the mail server is being DDoSed... the incoming mail is being
spoofed to have come from a local IP address (not the firewall!)
afaict.
All I've got is a dd-wrt based firewall into which I've blocked about
1,000 IP addresses via iptables - but doing that in a hurry, you don't
know which ones are valid. And it's not helping.
Any suggestions apart from forward 25 to /dev/null and hope they go
away??
Cheers,
Steve
--
Steve Holdoway BSc(Hons) MNZCS
On Apr 7, 2011, at 11:49 AM, Steve Holdoway wrote:
> Any suggestions apart from forward 25 to /dev/null and hope they go away??
The firewall/NAT isn't helping, it's hurting - the state tables are getting filled up and legitimate traffic is being crowded out, and the CPU is high. Stateful firewalls and NATs should *never* be placed in front of servers.
Contact the ISP and tell them that there's a DDoS being launched towards the public IP, and get them to filter.
The church should move their servers into VPS, rather than trying to run them off a VDSL with software-based routers.
-----------------------------------------------------------------------
Roland Dobbins
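
The state-table exhaustion described in the reply above can be checked on a Linux-based firewall. This is an added example, not part of either post: it assumes the router exposes its connection-tracking table in the usual `/proc/net/nf_conntrack` (or older `ip_conntrack`) layout, and the function names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Reads conntrack entries on stdin and
# reports how full the state table is and how much of it belongs to one port.
#   $1 = table limit, e.g. the value of nf_conntrack_max
#   $2 = destination port to inspect (default 25, SMTP)
conntrack_port_share() {
    awk -v max="$1" -v port="${2:-25}" '
    {
        total++
        state = ""; dport = ""
        for (i = 2; i <= NF; i++) {
            # The original-direction tuple comes first: use its src= and dport= only.
            # For TCP the field before the first src= is the connection state.
            if (state == "" && $i ~ /^src=/)   state = $(i - 1)
            if (dport == "" && $i ~ /^dport=/) dport = substr($i, 7)
        }
        if (dport == port) { hits++; by_state[state]++ }
    }
    END {
        pct = (max > 0) ? int(total * 100 / max) : 0
        printf "total=%d max=%d used_pct=%d port%s=%d\n", total, max, pct, port, hits
        for (s in by_state) printf "state %s %d\n", s, by_state[s]
    }'
}

# Constructed sample entries (documentation address ranges, not real traffic).
sample_conntrack() {
    cat <<'EOF'
tcp      6 55 SYN_RECV src=198.51.100.7 dst=203.0.113.10 sport=40001 dport=25 src=10.0.0.5 dst=198.51.100.7 sport=25 dport=40001 use=1
tcp      6 57 SYN_RECV src=198.51.100.8 dst=203.0.113.10 sport=40002 dport=25 src=10.0.0.5 dst=198.51.100.8 sport=25 dport=40002 use=1
tcp      6 58 SYN_RECV src=192.0.2.99 dst=203.0.113.10 sport=40003 dport=25 src=10.0.0.5 dst=192.0.2.99 sport=25 dport=40003 use=1
tcp      6 431990 ESTABLISHED src=192.0.2.44 dst=203.0.113.10 sport=51000 dport=25 src=10.0.0.5 dst=192.0.2.44 sport=25 dport=51000 [ASSURED] use=1
tcp      6 431000 ESTABLISHED src=10.0.0.20 dst=192.0.2.80 sport=52000 dport=443 src=192.0.2.80 dst=203.0.113.10 sport=443 dport=52000 [ASSURED] use=1
udp      17 29 src=10.0.0.20 dst=192.0.2.53 sport=5353 dport=53 src=192.0.2.53 dst=203.0.113.10 sport=53 dport=5353 use=1
EOF
}

# On the router (paths are an assumption about the firmware build):
#   conntrack_port_share "$(cat /proc/sys/net/netfilter/nf_conntrack_max)" < /proc/net/nf_conntrack
```

A `used_pct` near 100 with most port 25 entries in half-open states such as `SYN_RECV` matches the situation where legitimate connections are crowded out of the table.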