#1  
Old 20th August 2010, 00:28
xlenonz xlenonz is offline
Junior Member
 
Join Date: Feb 2008
Posts: 6
Thanks: 0
Thanked 0 Times in 0 Posts
Default how to drop ip immediately

hi,

i use many ips for game servers.

some time i get ddos attack to specific ip adress.

i can change ip to other server with that command


arping -U -I eth0 ip address

but i want, drop that ip.not change to other server.

i do ifconfig eth0:340 ipadddress netmask 255.255.255.0 drop

but it will drop like hours.

thanks.

Last edited by xlenonz; 20th August 2010 at 10:58.
Reply With Quote
Sponsored Links
  #2  
Old 20th August 2010, 09:21
Mark_NL Mark_NL is offline
Senior Member
 
Join Date: Sep 2008
Location: The Netherlands
Posts: 912
Thanks: 12
Thanked 100 Times in 96 Posts
Default

take down an ip/(v)interface:
Code:
ifdown eth0:3
bring a ip/(v)interface up:
Code:
ifup eth0:3
Reply With Quote
  #3  
Old 20th August 2010, 10:31
xlenonz xlenonz is offline
Junior Member
 
Join Date: Feb 2008
Posts: 6
Thanks: 0
Thanked 0 Times in 0 Posts
Default

hi,

thanks , but its not working.
ifdown eth0:340
usage: ifdown <device name>

i use centos4.
Reply With Quote
  #4  
Old 20th August 2010, 10:46
Mark_NL Mark_NL is offline
Senior Member
 
Join Date: Sep 2008
Location: The Netherlands
Posts: 912
Thanks: 12
Thanked 100 Times in 96 Posts
Default

aw crap .. then use:

Code:
ifconfig eth0:340 down
ow and, 340 vip's? jees ..
Reply With Quote
  #5  
Old 20th August 2010, 10:53
xlenonz xlenonz is offline
Junior Member
 
Join Date: Feb 2008
Posts: 6
Thanks: 0
Thanked 0 Times in 0 Posts
Default

ifconfig eth0:340 down

its work like i say but it take hours.

if i get ddos attack, still reach to server.

i need immediately drop solution.

i can change ip immediately with that
arping -U -I eth0 ipadress , other server
but i cant waste a server only for that
Reply With Quote
  #6  
Old 20th August 2010, 11:02
damir damir is offline
Senior Member
 
Join Date: Jun 2006
Posts: 375
Thanks: 11
Thanked 51 Times in 42 Posts
Default

Code:
route add -host ip.add.re.ss reject
Code:
route delete ip.add.re.ss
Reply With Quote
  #7  
Old 20th August 2010, 11:18
xlenonz xlenonz is offline
Junior Member
 
Join Date: Feb 2008
Posts: 6
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by damir View Post
Code:
route add -host ip.add.re.ss reject
Code:
route delete ip.add.re.ss
route delete ip.add.re.ss
give that error ; SIOCDELRT: No such process

so i change add with del and it remove

route add -host ipadress reject
route del -host ipadress reject

but still no change

i look with
tcpdump -ennqti eth0 \( arp or icmp \) | grep ipadress


and when i change ip to other server
Code:
00:22:56:ce:f1:20 > 00:14:78:51:4c:d8, IPv4, length 74: IP myhomeip > serverip: icmp 40: echo request seq 2160
00:22:56:ce:f1:20 > 00:14:78:51:4c:d8, IPv4, length 74: IP myhomeip > serverip: icmp 40: echo request seq 2161
(i ping from home , it tell timeout but still reach server i can see in here)
00:0e:2e:9f:25:82 > ff:ff:ff:ff:ff:ff, ARP, length 60: arp who-has serverip (ff:ff:ff:ff:ff:ff) tell serverip
00:0e:2e:9f:25:82 > ff:ff:ff:ff:ff:ff, ARP, length 60: arp who-has serverip (ff:ff:ff:ff:ff:ff) tell serverip
so it tell ff mac adress, i think if i send like that i will drop immediately
Reply With Quote
  #8  
Old 20th August 2010, 11:32
Mark_NL Mark_NL is offline
Senior Member
 
Join Date: Sep 2008
Location: The Netherlands
Posts: 912
Thanks: 12
Thanked 100 Times in 96 Posts
 
Default

if you drop the ip from your interface, you'll have to wait for the arp cache to expire so the packets won't arrive at your server anymore .. arp cache of the switch it's connected to .. you could aslo throw in some connection rate limiting ..

gamers are annoying people aren't they?
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Vhosts...conf not synced to changes crypted General 50 24th April 2010 00:54
SSL Cert Question for ISPConfig Access giganet Installation/Configuration 33 28th March 2009 07:56
slow download through webserver problem snewp Technical 14 9th May 2008 05:25
/etc/hosts change ssh problem bswinnerton Installation/Configuration 23 9th September 2007 20:39
ISPConfig Firewall and no sense MyLinux General 7 9th September 2005 17:35


All times are GMT +2. The time now is 21:30.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.