Hello everyone. I've got a basic question about NetPatrol's capabilities.
I've got a server that's being DDOS attacked and I'm trying to stop it. The big problem is that there are 100s of source hosts and the amount of traffic hitting my NIC is more than my NIC can handle, so it tanks my connection till the attack ends.
What I'm looking for is software that can keep track of how many IP addresses are currently talking to a certain IP address (I have 10 on this server) and if it goes over that amount, just drop all traffic from that IP address.
The hope is, because the DDOS comes in in a wave - 10 people start attacking, 20 more in a bit, 30 more, and so on - that when the 1st 20 join, the server will shut the IP down, then the 1st 20 will stop, 20 more will join on, the next 20 will drop, and the traffic will never peek over an amount my NIC can handle.
Because this is more of a Bandwidth flood than a DDOS, I can't really do anything else software wise, and my server host can't do much network side to stop it. Also, the attack is on a CounterStrike game server, and they attack port 27015 on UDP, so it's not session based.
Any thoughts would be great.
Thanks everyone.