SYN DDoS & IP Blocking

I got SYN DDoS. Now the incoming SYN is almost dead, Still getting some 58 SYN

# netstat -apn|grep SYN_RECV |awk '{print $5}'|sort

80.236.128.32:2831
80.236.128.32:2832
80.236.128.32:2833
80.236.128.32:2834
80.236.128.32:2842
80.236.128.32:2845
80.236.128.32:2846
.
.
.
same IP repeats 58 times when i checked last time.

I have already blocked this IP using iptables

# iptables -L |grep 80.236.128.32
DROP all -- adsl-80-236-128-32.wanadoo.be anywhere

Even after its denied in iptables, why netstat shows the IP ?

Regards,

Yujin Boby

 

 

 

 

Top