Is there anything else I can do to help??

I look after the infrastructure for a local charity, who run their own mail server over a VDSL line here in Christchurch.

For the last 3 hours or so, the mail server is being ddosed... the incoming mail is being spoofed to have come from a local ip address (not the firewall!) afaict.

All I've got is a dd-wrt based firewall into which I've blocked about 1,000 IP addresses via iptables - but doing that in a hurry, you don't know which ones are valid. And it's not helping.

Any suggestions apart from forward 25 to /dev/null and hope they go away??

Cheers,

Steve

--
Steve Holdoway BSc(Hons) MNZCS <steve(a)greengecko.co.nz>
http://www.greengecko.co.nz
MSN: steve(a)greengecko.co.nz
Skype: sholdowa

On Apr 7, 2011, at 11:49 AM, Steve Holdoway wrote:

> Any suggestions apart from forward 25 to /dev/null and hope they go away??

The firewall/NAT isn't helping, it's hurting - the state tables are getting filled up and legitimate traffic is being crowded out, and the CPU is high. Stateful firewalls and NATs should *never* be placed in front of servers.

Contact the ISP and tell them that there's a DDoS being launched towards the public IP, and get them to filter.

The church should move their servers into VPS, rather than trying to run them off a VDSL with software-based routers.

-----------------------------------------------------------------------
Roland Dobbins <rdobbins(a)arbor.net> // <http://www.arbornetworks.com>

The basis of optimism is sheer terror.

-- Oscar Wilde
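Added example, not part of either message in the thread: one way to check the state-table exhaustion described in the reply is to summarise the firewall's connection-tracking table and see how much of it is held by connections to port 25. The sample entries are constructed (documentation address ranges) in the style of /proc/net/ip_conntrack and /proc/net/nf_conntrack, and `table_max` is assumed to be read from the box's conntrack maximum sysctl.

```python
import re
from collections import Counter

# Constructed sample entries; addresses are from documentation ranges.
SAMPLE = """\
tcp      6 54 SYN_RECV src=198.51.100.7 dst=203.0.113.10 sport=40112 dport=25 src=192.168.1.5 dst=198.51.100.7 sport=25 dport=40112 use=1
tcp      6 110 SYN_SENT src=198.51.100.7 dst=203.0.113.10 sport=40113 dport=25 [UNREPLIED] src=192.168.1.5 dst=198.51.100.7 sport=25 dport=40113 use=1
tcp      6 58 SYN_RECV src=198.51.100.99 dst=203.0.113.10 sport=1029 dport=25 src=192.168.1.5 dst=198.51.100.99 sport=25 dport=1029 use=1
tcp      6 431990 ESTABLISHED src=192.0.2.44 dst=203.0.113.10 sport=55012 dport=25 src=192.168.1.5 dst=192.0.2.44 sport=25 dport=55012 [ASSURED] use=1
ipv4     2 tcp      6 300 ESTABLISHED src=192.168.1.20 dst=192.0.2.80 sport=50000 dport=443 src=192.0.2.80 dst=203.0.113.10 sport=443 dport=50000 [ASSURED] mark=0 use=2
udp      17 28 src=192.168.1.20 dst=192.0.2.53 sport=5353 dport=53 src=192.0.2.53 dst=203.0.113.10 sport=53 dport=5353 use=1
"""

KV = re.compile(r"(\w+)=(\S+)")

def parse_entry(line):
    """Return (proto, tcp_state, original-direction fields) or None if unparsable."""
    fields = line.split()
    if fields and fields[0] in ("ipv4", "ipv6"):
        fields = fields[2:]              # nf_conntrack prefixes the L3 name and number
    if len(fields) < 4:
        return None
    proto = fields[0]
    state = fields[3] if proto == "tcp" else "-"   # only TCP entries carry a state word
    orig = {}
    for key, value in KV.findall(" ".join(fields)):
        orig.setdefault(key, value)      # first src/dst/sport/dport = original direction
    return (proto, state, orig) if "src" in orig else None

def summarise(text, table_max, port=25):
    """Show how full the state table is and who holds the entries towards `port`."""
    entries = [e for e in map(parse_entry, text.splitlines()) if e]
    to_port = [e for e in entries if e[0] == "tcp" and e[2].get("dport") == str(port)]
    return {
        "entries": len(entries),
        "utilisation": len(entries) / table_max,   # near 1.0 means new flows get dropped
        "to_port": len(to_port),
        "half_open": sum(1 for e in to_port if e[1] in ("SYN_SENT", "SYN_RECV")),
        "top_sources": Counter(e[2]["src"] for e in to_port).most_common(3),
    }

if __name__ == "__main__":
    # table_max=8 is a constructed value so the small sample shows a high utilisation.
    print(summarise(SAMPLE, table_max=8))
```

A utilisation close to 1.0 with most entries half-open towards port 25 matches the condition the reply describes, where legitimate traffic is crowded out of the table.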