

Traffic limiting/shaping




Posted by MMrs, 04-08-2011, 07:03 AM
Our server (Ubuntu) is running multiple services like: web server, FTP, SSH, Teamspeak, DNS etc. We have a 100Mbit connection, but the problem is sometimes there is an attacker who is DOSing our server so it takes all the 100Mbits and disconnects us. It's most likely a UDP DOS to Teamspeak but I didn't get any confirmation since it disconnects me from SSH before I could actually do anything. Here comes my question: is there a way to limit bandwidth based on remote IP address? I've read a bit about iptables and tc but I don't understand it well enough. Or are there any other methods to prevent us disconnecting from SSH? The server is also running CSF. Thanks for any help.

Posted by CI-Andrew, 04-08-2011, 12:49 PM
The best option would be to use a hardware firewall to do this, but if this is not possible then hopefully you can configure your software firewall to block the attack or restrict bandwidth per IP as you say. I've only done this with hardware firewalls, so hopefully someone can post here with instructions for CSF.

Posted by IDediServer Kevin, 04-08-2011, 01:14 PM
MMrs, do you have graphs or similar that indicate you are indeed maxing out at 100Mb/s? If you are, then your provider will need to filter the IP/IPs via ACLs or similar; a firewall will not help more than a router/switch with ACLs unless it has DDOS features and its own ports do not get saturated by the attack. If you are not sure if you are hitting the 100Mb/s limit, ask your provider for graphs. If you are not, then you can typically filter it via iptables, but you need to confirm if the port is saturated or not via graphs before moving in any direction.

Posted by MMrs, 04-08-2011, 05:56 PM
CI-Andrew: I don't really want to pay for a hardware firewall because it's not a long attack; it only happens on weekend nights when our Teamspeak is active, and its purpose is to disconnect all users from the Teamspeak server. @IDediServer Kevin: Yes, I am sure it hits 100Mb/s; both my provider's and my own bandwidth graphs are showing it. It's probably not DDOS; at max it might be 5-6 computers attacking.

Posted by MMrs, 04-08-2011, 06:29 PM
EDIT: It comes from waves of ~5-10 IPs; after I ban them, new ones are coming in. But each of them is taking 10-50Mb/s of bandwidth and it's UDP traffic.

Posted by MMrs, 04-09-2011, 08:17 AM
Half of these IPs were from HostGator's networks.
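
Added example, not part of the original thread: one way to limit UDP traffic per remote IP with iptables, as the first post asks, using the hashlimit match. As noted in the thread, this only helps while the 100Mbit port itself is not saturated, because packets are dropped after they have already crossed the link. The port (9987, TeamSpeak 3's default voice port), the rates and the chain name are assumptions.

```shell
#!/bin/sh
# Per-source-IP UDP rate limit for one service port, using the iptables
# hashlimit match. Dry run by default: the commands are printed, not executed.
# Run as root with IPT=iptables to apply them.
IPT="${IPT:-echo iptables}"

# Assumed values, not taken from the thread:
TS_PORT="${TS_PORT:-9987}"   # TeamSpeak 3 default voice port (UDP)
PPS="${PPS:-200}"            # packets/second allowed per source IP
BURST="${BURST:-400}"        # short burst allowance per source IP

per_ip_udp_limit() {
    port="$1"; pps="$2"; burst="$3"
    chain="UDP_LIMIT_${port}"

    # Dedicated chain so the limit can be flushed or removed on its own.
    $IPT -N "$chain"
    $IPT -A INPUT -p udp --dport "$port" -j "$chain"

    # Sources at or below the rate go back to INPUT for normal handling.
    # One counter is kept per source IP; idle entries expire after 60 s.
    $IPT -A "$chain" -m hashlimit \
        --hashlimit-name "udp${port}" --hashlimit-mode srcip \
        --hashlimit-upto "${pps}/second" --hashlimit-burst "$burst" \
        --hashlimit-htable-expire 60000 -j RETURN

    # Anything reaching this point is over the limit: log a sample, then drop.
    $IPT -A "$chain" -m limit --limit 6/minute \
        -j LOG --log-prefix "udp${port}-flood:"
    $IPT -A "$chain" -j DROP
}

per_ip_udp_limit "$TS_PORT" "$PPS" "$BURST"
```

CSF rebuilds the iptables ruleset when it restarts, so on a CSF host rules like these belong in its csfpre.sh hook script rather than being typed in by hand.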


