[Firehol-support] Logging of DDoS attacks

Bernhard Gruen bjmg at h0t.de
Fri Apr 1 23:15:36 BST 2005


Hello Costa, hello list members,

at the moment my server housing provider has some trouble with incoming
DDoS attacks. Therefore some people on a private unofficial message board
discussed the detection and logging of this kind of attack.
I stated that FireHOL has support for "accept with limit". With this
option enabled I can log that my server is flooded on only one service.
But I am not able to detect that my server is flooded with UDP packets on
many fast-changing ports. Someone else thought that he could use tcpdump
to detect this kind of attack but I am sure that this is not the best
solution. I hope that IPtables/FireHOL is able to log such attacks too.
Can someone give me a hint how to do this?
Our goal is to write a tool that searches the logs for messages about
possible DDoS attacks from IPtables/FireHOL.

Many thanks for reading my message and many many thanks in advance for
answering.


Bernhard Gruen from Germany

btw. FireHOL is beloved by many members of that private message board.
Thank you for your piece of god-like software!
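
Added example, not part of the original post and not FireHOL code: a sketch of the log-searching tool described above, flagging time windows in which one destination receives logged UDP packets on many distinct ports. It assumes the firewall already writes incoming UDP packets to syslog in the kernel's standard netfilter LOG format; the function names, thresholds and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Fields of the kernel's netfilter LOG output behind a syslog timestamp.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) .*?\bSRC=(?P<src>\S+) DST=(?P<dst>\S+) "
    r".*?\bPROTO=UDP SPT=\d+ DPT=(?P<dpt>\d+)")
EPOCH = datetime(1970, 1, 1)

def find_udp_port_floods(lines, window=10, min_ports=100, year=2005):
    """Flag (window start, destination) pairs whose logged UDP packets hit at
    least min_ports distinct destination ports within window seconds.
    Syslog timestamps carry no year, so the caller supplies one (assumption)."""
    buckets = defaultdict(lambda: {"ports": set(), "srcs": set(), "packets": 0})
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # not a logged UDP packet
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        offset = int((ts - EPOCH).total_seconds()) % window
        b = buckets[(ts - timedelta(seconds=offset), m["dst"])]
        b["ports"].add(int(m["dpt"]))
        b["srcs"].add(m["src"])
        b["packets"] += 1
    return [
        {"start": start, "dst": dst, "ports": len(b["ports"]),
         "sources": len(b["srcs"]), "packets": b["packets"]}
        for (start, dst), b in sorted(buckets.items())
        if len(b["ports"]) >= min_ports]

def constructed_sample():
    """Constructed log lines: a spray across 200 ports, then ordinary DNS."""
    fmt = ("Apr  1 23:15:{sec:02d} host kernel: IN=eth0 OUT= SRC=198.51.100.{h} "
           "DST=192.0.2.10 LEN=28 TTL=54 PROTO=UDP SPT=4000 DPT={dpt} LEN=8")
    flood = [fmt.format(sec=30 + i % 5, h=1 + i % 20, dpt=1024 + i * 7)
             for i in range(200)]
    normal = [fmt.format(sec=50 + i, h=99, dpt=53) for i in range(5)]
    return flood + normal

if __name__ == "__main__":
    for alert in find_udp_port_floods(constructed_sample()):
        print(alert)
```

If the LOG rule is rate-limited, the counts cover only the packets that were logged, so min_ports has to be tuned against the logging limit rather than the real packet rate.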




