Can't stop DDOS [duplicate]
Solution 1:
As far as I can see, the iptables question is a red herring: your rules are dropping these packets just fine, hence the very large packet counts on your fifth and final rule (the DROP rule).
I presume from your question that you want not just to drop them, but not to see them on your port at all, and that can only be achieved by talking to your provider. Simply having them block all inbound UDP traffic with source port 53 will probably stop the server working, as it will break DNS, but if you can reconfigure your server to only use two or three specific upstream DNS servers there is some chance of getting your provider to block all other inbound port 53 traffic.
Edit: my commiserations on your poor provider. I think the issue of hardware firewalls is irrelevant: one of those won't stop the traffic being delivered to your port, it will only sit between your port and your server and stop the traffic consuming resources on your server. Since I don't see any evidence above that it's causing any resource issues on the server I don't see how that will help you.
It would be very normal indeed for a responsible provider to agree to block temporarily certain kinds of traffic to a port, but if your provider won't do this, then I don't see that you can do much but shrug, weather the storm, then look at other providers when your contract comes around for renewal.
Solution 2:
Assuming your port size is smaller than 1Gbps:
Simple answer. Get a hardware firewall. Fighting a DDoS, especially one in the Gbps range, is not going to happen at the actual server.
If all the traffic is coming from port 53, have your provider block port 53 upstream.
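Both answers end up at the same place: pin the server to a few known upstream resolvers, accept UDP source-port-53 traffic only from those, and hand the same address list to the provider for an upstream block. The script below is an added example (not from either answer) that derives that allow list from resolv.conf-style text and prints the matching iptables rules as a dry run; the resolver addresses are constructed samples.

```shell
#!/bin/sh
# Added example, not code from the original answers. Given the resolvers the
# server is configured to use, emit iptables rules that accept inbound UDP with
# source port 53 only from those resolvers and drop every other such packet.
# The same address list is what you would hand your provider for an upstream
# ACL. It only prints the commands (dry run); apply them once reviewed.

# Constructed sample resolv.conf content (documentation addresses, not real).
SAMPLE_RESOLV_CONF='# constructed example
nameserver 192.0.2.53
nameserver 198.51.100.53
search example.com
'

# Print one resolver address per line from resolv.conf-style text on stdin.
resolvers_from_conf() {
    awk '$1 == "nameserver" { print $2 }'
}

# Emit one ACCEPT rule per resolver (one address per line on stdin), then a
# single DROP for all remaining inbound UDP with source port 53, so the flood
# lands on exactly one counter you can watch with `iptables -nvL INPUT`.
dns_rules_for_resolvers() {
    while IFS= read -r ip; do
        [ -n "$ip" ] || continue
        printf 'iptables -A INPUT -p udp --sport 53 -s %s -j ACCEPT\n' "$ip"
    done
    printf 'iptables -A INPUT -p udp --sport 53 -j DROP\n'
}

# Rules for a resolv.conf-style text passed as $1.
dns_rules_from_conf_text() {
    printf '%s' "$1" | resolvers_from_conf | dns_rules_for_resolvers
}

# Number of rules produced for the constructed sample (2 ACCEPT + 1 DROP).
sample_rule_count() {
    dns_rules_from_conf_text "$SAMPLE_RESOLV_CONF" | wc -l | tr -d ' '
}

dns_rules_from_conf_text "$SAMPLE_RESOLV_CONF"
```

The local rules only save server resources, as Solution 1 notes; the printed `-s` addresses are the list to send the provider so the traffic stops reaching the port at all.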