Reply to Message

Since our upstream's admin didn't help us to block those incoming traffic, I've done this myself in the webserver using tcpdump, to analyze which ip subnet has the most incoming traffic, then I apply iptables -j DROP to block them all. The traffic pattern is quite easily predictable, and i can block them effectively using their class B address (/16).