Solution to UDP Attack on linux

A few days ago, my friend's website traffic was very high, leading to access failure. Go to the IDC and check whether the server is DOWN. After restarting, use bandwidth to view recent traffic conditions. The result is that UDP traffic reaches the peak. The system is Centos 5.4.
 
1. Download and install iftop to view the specific traffic source.
Wget http://www.ex-parrot.com /~ Pdw/iftop/iftop-0.17.tar.gz # download source code installation package
Tar-zvxf iftop-0.17.tar.gz # Extract
Cd iftop-0.17
./Configure
Make & make install # install
Check whether the following packages are installed before installation
Yum install flex byacc libpcap ncurses-devel libpcap-devel
Iftop basic commands
Run iftop directly
Parameters
-I: Specify the NIC # The default value is eth0.
-B displays traffic in bytes # The default value is bits.
-N: the host information is directly displayed by default.
-B: display the traffic graph by default.
For detailed use, see: http://www.bkjia.com/ OS /201202/119266.html
2. Use iptables to block IP addresses with abnormal traffic
Iptables-I OUTPUT-d IP address-j DROP
3. Disable all UDP ports
Iptables-I OUTPUT-p UDP-j DROP
4. Open the UDP port of the DNS server
Iptables-I OUTPUT-p UDP-d DNS address-j ACCEPT
You can view the DNS address in the/etc/resolv. conf file.
5. iptables-save
Service iptables resetart
The problem can only be solved temporarily, and the accesslog needs to be thoroughly resolved to find out the attack code. Or redeploy the system or software.