The challenge is that identifying what are valid packets vs. DDoS packets is sometimes difficult (particularly if they are coming from different source IP addresses). This is even more difficult with UDP because it is stateless - there are no sessions to track and it becomes harder for automated systems to determine what are "good" vs. "bad" packets.
Using tcpdump is a good start; you might also enable VPC Flow Logs and try to create some NACLs or Security Group rules to drop traffic from known bad sources. While using iptables is good it also consumes CPU resources on your instance(s) - having those packets dropped before they get to the instance(s) is better.
I'd strongly recommend engaging with the AWS support team. They are in a position to perform more in-depth examination and to assist.
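As an added example, not part of the answer above, here is one way to turn the VPC Flow Log suggestion into something concrete: parse flow log records in the default version 2 format, rank UDP sources by packet volume against a threshold the operator chooses, and draft the inbound NACL deny entries (the parameters `aws ec2 create-network-acl-entry` takes) for a human to review before applying. The log lines and account, interface and address values are constructed sample data using RFC 5737 documentation ranges, not real traffic; the packet threshold is an assumed value to be tuned against your own baseline.

```python
"""Added example (not from the answer above): rank UDP sources in VPC Flow Log
records by packet count and draft the NACL deny entries a human would review.
All log lines below are constructed sample data using RFC 5737 documentation
addresses; they are not real traffic."""
from collections import defaultdict

# Field order of the default (version 2) VPC Flow Log record format.
FIELDS = [
    "version", "account-id", "interface-id", "srcaddr", "dstaddr",
    "srcport", "dstport", "protocol", "packets", "bytes",
    "start", "end", "action", "log-status",
]

# Constructed sample: two UDP sources hammering port 53, one normal TCP
# session, one low-volume UDP client, and a NODATA record to show filtering.
SAMPLE_FLOW_LOGS = """\
2 123456789012 eni-0a1b2c3d 203.0.113.10 10.0.1.5 51234 53 17 40000 2560000 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 203.0.113.11 10.0.1.5 44321 53 17 38000 2432000 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 198.51.100.7 10.0.1.5 33000 443 6 120 9600 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 192.0.2.25 10.0.1.5 60000 53 17 15 1200 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d - - - - - - - 1700000000 1700000060 - NODATA
"""

UDP = "17"  # IANA protocol number carried in the 'protocol' field


def parse_flow_log(text):
    """Parse version-2 records; skip malformed rows and NODATA/SKIPDATA rows,
    whose address and counter fields are '-' rather than values."""
    records = []
    for line in text.strip().splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS):
            continue
        rec = dict(zip(FIELDS, parts))
        if rec["log-status"] != "OK":
            continue
        rec["packets"] = int(rec["packets"])
        rec["bytes"] = int(rec["bytes"])
        records.append(rec)
    return records


def top_udp_sources(records, min_packets):
    """Aggregate UDP packets per source address and return (ip, packets)
    pairs at or above min_packets, highest first. The threshold is the
    knob the operator tunes against their baseline; high volume alone
    does not prove a source is malicious, as the answer above notes."""
    per_source = defaultdict(int)
    for rec in records:
        if rec["protocol"] == UDP:
            per_source[rec["srcaddr"]] += rec["packets"]
    ranked = sorted(per_source.items(), key=lambda kv: (-kv[1], kv[0]))
    return [(ip, n) for ip, n in ranked if n >= min_packets]


def draft_nacl_deny_entries(sources, first_rule_number=100, step=10):
    """Build the parameters for inbound NACL deny entries, one per source,
    in the shape 'aws ec2 create-network-acl-entry' takes. NACL rules are
    evaluated in ascending rule-number order, so these must sit below the
    allow rules they are meant to pre-empt. Nothing is applied here; the
    output is for an operator to review."""
    entries = []
    for i, (ip, _packets) in enumerate(sources):
        entries.append({
            "RuleNumber": first_rule_number + i * step,
            "Protocol": UDP,
            "RuleAction": "deny",
            "Egress": False,
            "CidrBlock": f"{ip}/32",
        })
    return entries


if __name__ == "__main__":
    recs = parse_flow_log(SAMPLE_FLOW_LOGS)
    suspects = top_udp_sources(recs, min_packets=10000)
    for ip, n in suspects:
        print(f"{ip:16} {n:>8} UDP packets")
    for entry in draft_nacl_deny_entries(suspects):
        print(entry)
```

The design choice worth noting: the deny entries are drafted, not applied, because a NACL has a small rule quota (20 inbound rules by default), so per-/32 blocks only scale to a handful of sources; for a distributed flood the list is a starting point for the support engagement the answer recommends, not a complete mitigation.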