DDoS Attacks
I have a server colocated at SM and I've been DoS attacked about 12 times in the past 9 days. I got hit 4 times today. This **** is getting old. I think it's a SYN attack but I'm not 100% sure, because I've never had the pleasure of dealing with such an attack. When we get attacked the server is swamped with connections and iptraf goes crazy and writes a 50 MB file in 2 min of all the inbound connections. We do have iptables running but I don't think it's doing its job correctly. Here are some of the logs:
jw.xomar.com/logs/ (the server is down right now because we had all of the IPs null routed)
Currently the only way we can stop the DoS attack is by null routing the entire IP range, and this is SUCH A HASSLE to call up SM and ask them to null route it, then call them back up in 15 and ask them to un-null route it :| .
So in conclusion, I'm wondering what is the best way to deal with an attack that comes from several different IPs (I think they are spoofed).
Thanks
JW