I run a game server and for the past few weeks I've been getting what I believe is a flood attack every Thursday night during a special event that's run that night. Every few minutes, the incoming bandwidth goes from about 150 kb/s to 12,000 kb/s for about 5 seconds. This completely disrupts the game as the players lag out for 5 seconds at a time.
My question is what filtering is available upstream to stop this? Would it be possible to filter out packets that are above a certain size? Can you filter by source address or is that certain to be forged?
I was caught flat-footed when I finally suspected foul play and didn't get anything logged. I'm running the following tcpdump command now. If I should be doing anything else, please let me know.
tcpdump -w in -C 10 -W 10 -s96 dst host 173.214.174.226
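An added example, not part of the original post: tcpdump stores each packet's original wire length even when -s96 truncates the captured bytes, so the rotating files that command writes are enough to find the burst seconds and see which source addresses and packet sizes dominate them. The function names, the 1 Mbit/s threshold and the sample capture are assumptions constructed for illustration; only classic microsecond pcap with untagged Ethernet/IPv4 is handled.

```python
import struct
from collections import Counter, defaultdict

def read_pcap(data):
    """Yield (ts_sec, orig_len, src_ip) for each IPv4 record in a classic pcap file."""
    if data[:4] == b"\xd4\xc3\xb2\xa1":
        end = "<"
    elif data[:4] == b"\xa1\xb2\xc3\xd4":
        end = ">"
    else:
        raise ValueError("not a classic microsecond pcap file")
    if struct.unpack(end + "I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) is handled")
    off = 24
    while off + 16 <= len(data):
        ts, _us, incl, orig = struct.unpack(end + "IIII", data[off:off + 16])
        pkt = data[off + 16:off + 16 + incl]
        off += 16 + incl
        # incl is capped by the snaplen (96 here); orig is the size on the wire.
        if len(pkt) >= 34 and pkt[12:14] == b"\x08\x00":
            yield ts, orig, ".".join(map(str, pkt[26:30]))

def find_bursts(data, threshold_bps):
    """Map each second above threshold_bps to (bits, top sources, top packet sizes)."""
    bits, srcs, sizes = Counter(), defaultdict(Counter), defaultdict(Counter)
    for ts, orig, src in read_pcap(data):
        bits[ts] += orig * 8
        srcs[ts][src] += 1
        sizes[ts][orig] += 1
    return {s: (b, srcs[s].most_common(3), sizes[s].most_common(3))
            for s, b in sorted(bits.items()) if b > threshold_bps}

def sample_pcap():
    """Constructed capture: one quiet second, then a one-second burst (snaplen 96)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 96, 1)
    for ts, n, size, src in [(1000, 2, 100, (192, 0, 2, 10)),
                             (1001, 200, 1400, (198, 51, 100, 7))]:
        hdr = b"\0" * 12 + b"\x08\x00" + b"\x45" + b"\0" * 11 + bytes(src) + b"\0" * 4
        out += (struct.pack("<IIII", ts, 0, 96, size) + hdr.ljust(96, b"\0")) * n
    return out

if __name__ == "__main__":
    for sec, (b, top_src, top_size) in find_bursts(sample_pcap(), 1_000_000).items():
        print(sec, b, top_src, top_size)
```

To run it on a real capture, pass the bytes of one capture file to `find_bursts` in place of `sample_pcap()`.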