In “DDOS attack solution part 1” we found out the initial stage of the DDOS attack and used a simple iptables command to stop it. If you are still facing the DDOS attack, it is better to add iptables rules that block the DDOS IPs, using the following iptables rules.
iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP          # NULL packet: no flags set at all
iptables -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP   # SYN and FIN set together
iptables -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP   # SYN and RST set together
iptables -A INPUT -p tcp --tcp-flags FIN,RST FIN,RST -j DROP   # FIN and RST set together
iptables -A INPUT -p tcp --tcp-flags ACK,FIN FIN -j DROP       # FIN without ACK
iptables -A INPUT -p tcp --tcp-flags ACK,PSH PSH -j DROP       # PSH without ACK
iptables -A INPUT -p tcp --tcp-flags ACK,URG URG -j DROP       # URG without ACK
The above iptables rules check the flag combination of every incoming TCP packet (for example SYN and FIN set together, which never occurs in a legitimate connection) and drop the matching packets, so the firewall blocks that traffic from the attacking IPs. Monitor how the iptables rules perform and, if you are still having issues, refer to “DDOS attack solution part 3”.
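To see exactly which packets the seven rules above drop, the following added example (not code from the original post) models how iptables evaluates "--tcp-flags MASK COMP": a packet matches when (flags AND MASK) equals COMP. It runs the rule list over a set of constructed flag combinations, normal handshake traffic as well as bogus ones, and also renders each rule as the corrected iptables command; the sample packets are constructed here, nothing is sent on the wire.

```python
# Added example: model iptables "--tcp-flags MASK COMP" matching for the rules above.
# A packet matches a rule when (packet_flags & MASK) == COMP.

TCP_FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04,
             "PSH": 0x08, "ACK": 0x10, "URG": 0x20}
ALL_BITS = sum(TCP_FLAGS.values())  # what the keyword "ALL" expands to


def flags_to_bits(spec):
    """'SYN,FIN' -> bitmask; 'ALL' -> all six flag bits; 'NONE' -> 0."""
    if spec == "ALL":
        return ALL_BITS
    if spec == "NONE":
        return 0
    return sum(TCP_FLAGS[name] for name in spec.split(","))


# (MASK, COMP) pairs, in the same order as the iptables rules on this page
RULES = [
    ("ALL", "NONE"),          # NULL packet: no flags set
    ("SYN,FIN", "SYN,FIN"),   # SYN and FIN together
    ("SYN,RST", "SYN,RST"),   # SYN and RST together
    ("FIN,RST", "FIN,RST"),   # FIN and RST together
    ("ACK,FIN", "FIN"),       # FIN without ACK
    ("ACK,PSH", "PSH"),       # PSH without ACK
    ("ACK,URG", "URG"),       # URG without ACK
]


def matching_rule(packet_flags):
    """Return the (MASK, COMP) of the first rule that drops the packet, else None."""
    bits = flags_to_bits(packet_flags)
    for mask, comp in RULES:
        if (bits & flags_to_bits(mask)) == flags_to_bits(comp):
            return (mask, comp)
    return None


def iptables_command(mask, comp):
    """Render one rule as the iptables invocation (note the double dash)."""
    return f"iptables -A INPUT -p tcp --tcp-flags {mask} {comp} -j DROP"


if __name__ == "__main__":
    # Constructed sample packets: legitimate handshake/data traffic and malformed ones.
    for pkt in ["SYN", "SYN,ACK", "ACK", "FIN,ACK", "PSH,ACK", "RST",
                "NONE", "SYN,FIN", "FIN", "FIN,PSH,URG"]:
        hit = matching_rule(pkt)
        print(f"{pkt:12} -> {'DROP by ' + iptables_command(*hit) if hit else 'pass'}")
```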