how to drop ip immediately hi, i use many ips for game servers. some time i get ddos attack to specific ip adress. i can change ip to other server with that command arping -U -I eth0 ip address but i want, drop that ip.not change to other server. i do ifconfig eth0:340 ipadddress netmask 255.255.255.0 drop but it will drop like hours. thanks.
ifconfig eth0:340 down its work like i say but it take hours. if i get ddos attack, still reach to server. i need immediately drop solution. i can change ip immediately with that arping -U -I eth0 ipadress , other server but i cant waste a server only for that
route delete ip.add.re.ss give that error ; SIOCDELRT: No such process so i change add with del and it remove route add -host ipadress reject route del -host ipadress reject but still no change i look with tcpdump -ennqti eth0 \( arp or icmp \) | grep ipadress and when i change ip to other server Code: 00:22:56:ce:f1:20 > 00:14:78:51:4c:d8, IPv4, length 74: IP myhomeip > serverip: icmp 40: echo request seq 2160 00:22:56:ce:f1:20 > 00:14:78:51:4c:d8, IPv4, length 74: IP myhomeip > serverip: icmp 40: echo request seq 2161 (i ping from home , it tell timeout but still reach server i can see in here) 00:0e:2e:9f:25:82 > ff:ff:ff:ff:ff:ff, ARP, length 60: arp who-has serverip (ff:ff:ff:ff:ff:ff) tell serverip 00:0e:2e:9f:25:82 > ff:ff:ff:ff:ff:ff, ARP, length 60: arp who-has serverip (ff:ff:ff:ff:ff:ff) tell serverip so it tell ff mac adress, i think if i send like that i will drop immediately
if you drop the ip from your interface, you'll have to wait for the arp cache to expire so the packets won't arrive at your server anymore .. arp cache of the switch it's connected to .. you could aslo throw in some connection rate limiting .. gamers are annoying people aren't they?
