How to use iptables to defend against reflection DDoS attacks on CentOS

The usual approach is to use iptables to drop fragmented UDP packets. Below is an iptables config example; edit the rules file with: vi /etc/sysconfig/iptables

Reference:
1. HOW TO DEFEND AGAINST AMPLIFIED REFLECTION DDOS ATTACKS
2. DDoS attacks – an explanation of amplified reflective UDP-based attacks


How to trace DDoS attack IPs

This code prints which IPs have more than 10 connections to the server in the ESTABLISHED or SYN_RECV state.

$6 is the state column of the netstat result.
$5 is the Foreign Address column of the netstat result.

Then record the IPs to a log file, excluding private IPs that start with 192.168.
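An added example of the check described above, not the original post's code: it counts connections per foreign address from netstat output, using $6 and $5 as described, and logs the addresses over the limit. The function names, the THRESHOLD variable, the default log path and the sample data are assumptions made for this example.

```shell
#!/bin/sh
# Added example. THRESHOLD, the log path and the function names are assumptions.
THRESHOLD=10

# Reads `netstat -ant` output on stdin and prints "count ip" for each foreign
# IP with more than $1 connections in the ESTABLISHED or SYN_RECV state.
suspect_ips() {
    awk -v limit="${1:-$THRESHOLD}" '
        $6 == "ESTABLISHED" || $6 == "SYN_RECV" {
            ip = $5
            sub(/:[0-9]+$/, "", ip)       # drop the trailing :port
            sub(/^::ffff:/, "", ip)       # unwrap IPv4-mapped IPv6 addresses
            if (ip ~ /^192\.168\./) next  # skip private 192.168.x.x peers
            count[ip]++
        }
        END {
            for (ip in count)
                if (count[ip] > limit) print count[ip], ip
        }' | sort -rn
}

# Appends "timestamp ip count" lines to the log file given as $1.
log_suspects() {
    logfile="${1:-/var/log/ddos_suspects.log}"   # hypothetical default path
    while read -r count ip; do
        echo "$(date '+%Y-%m-%d %H:%M:%S') $ip $count" >> "$logfile"
    done
}

# Constructed sample of netstat output (documentation-range addresses).
sample_netstat() {
    echo "Proto Recv-Q Send-Q Local Address Foreign Address State"
    i=1
    while [ "$i" -le 15 ]; do
        p=$((40000 + i))
        echo "tcp 0 0 10.0.0.5:80 192.168.1.20:$p ESTABLISHED"
        if [ "$i" -le 12 ]; then echo "tcp 0 0 10.0.0.5:80 203.0.113.7:$p ESTABLISHED"; fi
        if [ "$i" -le 11 ]; then echo "tcp 0 0 10.0.0.5:80 198.51.100.50:$p TIME_WAIT"; fi
        if [ "$i" -le 11 ]; then echo "tcp6 0 0 10.0.0.5:80 ::ffff:203.0.113.99:$p SYN_RECV"; fi
        if [ "$i" -le 3 ]; then echo "tcp 0 0 10.0.0.5:80 198.51.100.9:$p ESTABLISHED"; fi
        i=$((i + 1))
    done
}

# Demo on the constructed sample; on a live host: netstat -ant | suspect_ips 10 | log_suspects
sample_netstat | suspect_ips 10
```

In the sample, the 192.168.1.20 peer and the TIME_WAIT connections are ignored, so only the two documentation-range addresses with more than 10 qualifying connections are reported.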