I host a GameServer and some stupid guy just keeps attacking my Application server with random queries. I have found a solution to block it, but he uses different kinds of queries, so I have to block the new ones almost daily using iptables. I bought a test VPS to try and change those flood strings and attack my Dedi just to be sure if everything is now safe, because I can't wait for him to attack every day.
Now the thing is, he uses multiple spoofed IPs in the attack. While my test tool can do it, it looks like some networking issues are not letting it happen. Let's say the target IP is target.com and it has to be attacked by attacker.com, while test.com will be the IP that will be used for generating the attack from attacker.com to target.com.
Now I do see on the test.com machine, using iftop, that attacker.com is flooding target.com, but no such attack appears entering the target.com machine. The script for the application flood is the same one being used by the attacker, and on asking the developer of the script, he says you have to be directly connected to the internet without a firewall/NAT/router.
I'm not good at networking, so I'd like to ask how we can achieve it. Aren't the VPS machines already directly connected? If not, how can we get such a machine cheaply for testing?
It would make more sense to start throttling connections to your application, in my opinion. If iptables is an option, this provides the required information: http://www.cyberciti.biz/faq/iptables-connection-limits-howto/
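One way to apply the throttling suggested in the answer, as an added example that is not from the answer or the linked howto: a shell function that emits an iptables-restore fragment with a per-source rate limit plus an aggregate cap. The cap is there because a per-source limit never triggers when every packet carries a different spoofed source address. The chain name `THROTTLE`, the port 27015 and all rates are constructed placeholders, not values from the post.

```shell
#!/bin/sh
# Added example: build an iptables-restore fragment that throttles one service.
# Protocol, port and rates are constructed sample values, not taken from the post.

# throttle_rules PROTO PORT PER_SRC_RATE TOTAL_RATE   (rates are per second)
throttle_rules() {
    proto=$1 port=$2 per_src=$3 total=$4

    case "$proto" in
        tcp|udp) ;;
        *) echo "proto must be tcp or udp" >&2; return 1 ;;
    esac
    # Reject anything that is not a plain number before it reaches a rule.
    for n in "$port" "$per_src" "$total"; do
        case "$n" in
            ''|*[!0-9]*) echo "port and rates must be whole numbers" >&2; return 1 ;;
        esac
    done

    # tcp: count only new connections (SYN); udp: count every datagram.
    match="-p $proto --dport $port"
    if [ "$proto" = tcp ]; then match="$match --syn"; fi

    # Rule order inside THROTTLE:
    #   1. drop a single source that exceeds its own rate
    #   2. let traffic under the aggregate cap return to INPUT
    #   3. drop everything above the cap (the backstop for spoofed sources)
    cat <<EOF
*filter
:THROTTLE - [0:0]
-A INPUT $match -j THROTTLE
-A THROTTLE -m hashlimit --hashlimit-name svc$port --hashlimit-mode srcip --hashlimit-above $per_src/second --hashlimit-burst $((per_src * 2)) -j DROP
-A THROTTLE -m limit --limit $total/second --limit-burst $((total * 2)) -j RETURN
-A THROTTLE -j DROP
COMMIT
EOF
}

# Print a sample fragment: UDP service, 20 packets/s per source, 500 packets/s total.
throttle_rules udp 27015 20 500
```

Pipe the output to `iptables-restore --noflush --test` to validate it against the running kernel without committing, then drop `--test` to load it alongside the existing rules.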