Hello, I am writing this message for a problem.
There are 3 days that my server is under ddos attack, hundreds of different ip, always on the same port: 25345, but the problem is that the port is closed!, turned antispoof rules,sent packets from 2k and response packets 500k.
I use ipfw as a firewall ..
Those are the rules that I've put in my IPFW :
$IPF 12 deny all from any to any dst-port 25345 in keep-state
$IPF 13 deny all from any to any dst-port 25345 out keep-state
$IPF 14 deny udp from any to any dst-port 25345 in keep-state
$IPF 15 deny udp from any to any dst-port 25345 out keep-state
$IPF 16 deny tcp from any to any dst-port 25345 in keep-state
$IPF 17 deny tcp from any to any dst-port 25345 out keep-state
$IPF 18 deny all from any to any src-port 25345 in keep-state
$IPF 19 deny all from any to any src-port 25345 out keep-state
$IPF 20 deny udp from any to any src-port 25345 in keep-state
$IPF 21 deny udp from any to any src-port 25345 out keep-state
$IPF 22 deny tcp from any to any src-port 25345 in keep-state
$IPF 23 deny tcp from any to any src-port 25345 out keep-state
Despite this all, the attacks keep coming even if the port is, as previously mentioned, closed.
[Only registered and activated users can see links. Click Here To Register...]
From this screen u can see the attack on the port.
Someone can help me?
PS. Sorry for my bad english, I'm not DE.
No1 know how to solve? :(
There are 3 days that my server is under ddos attack, hundreds of different ip, always on the same port: 25345, but the problem is that the port is closed!, turned antispoof rules,sent packets from 2k and response packets 500k.
I use ipfw as a firewall ..
Those are the rules that I've put in my IPFW :
$IPF 12 deny all from any to any dst-port 25345 in keep-state
$IPF 13 deny all from any to any dst-port 25345 out keep-state
$IPF 14 deny udp from any to any dst-port 25345 in keep-state
$IPF 15 deny udp from any to any dst-port 25345 out keep-state
$IPF 16 deny tcp from any to any dst-port 25345 in keep-state
$IPF 17 deny tcp from any to any dst-port 25345 out keep-state
$IPF 18 deny all from any to any src-port 25345 in keep-state
$IPF 19 deny all from any to any src-port 25345 out keep-state
$IPF 20 deny udp from any to any src-port 25345 in keep-state
$IPF 21 deny udp from any to any src-port 25345 out keep-state
$IPF 22 deny tcp from any to any src-port 25345 in keep-state
$IPF 23 deny tcp from any to any src-port 25345 out keep-state
Despite this all, the attacks keep coming even if the port is, as previously mentioned, closed.
[Only registered and activated users can see links. Click Here To Register...]
From this screen u can see the attack on the port.
Someone can help me?
PS. Sorry for my bad english, I'm not DE.
No1 know how to solve? :(