bsher

asked on

DoS attack?

Hi,

I found there are 500 processes on my server when I run top.
Normally, it's only 200+ ... I suspect someone is attacking me.


The IP is from a proxy server, and it's attacking my ads system ...

Help me out

Thanx
bsh
ASKER CERTIFIED SOLUTION
jlevie

bsher

ASKER

ads server = advertising system...

How can I trace the real 'guy' behind the proxy?
Without direct access to the proxy server, or cooperation from whoever is responsible for it, there's not any way to tell who is actually originating the traffic. At the TCP/IP level all of the data will point back to the proxy server and no further. You have to examine the logs of the proxy to find out what "inside" address caused the traffic.

At this point, if it were me, I'd institute an IP block to reject all traffic from the proxy server just to protect my system. That's easy for me to say, since I always have something with filtering/firewall capabilities between systems I manage/use (even my home machines) and the Internet. Depending on how you are set up it might not be as easy. Then I'd find out who is the Administrative Contact (via whois) for the domain the proxy server is in, contact them and have them do something about it.
If you know the IP address the attack is coming from and you wish to deny service but without a firewall, on a Solaris system you can set up basic tcp wrappers. I don't know if this would work for any other flavour of unix. Create a file called /etc/hosts.deny and put the following line in:

ALL:100.100.100.100

Where the IP address 100.100.100.100 is replaced with the IP address of the proxy server. This will deny all attempted connections from this address.

He might be able to use tcp wrappers, if his application is suitable for use with same. Whether they will work in this case depends on the app and the nature of the attack. It might be that a more general solution is needed, like ipfilter (cheops.anu.edu.au/~avalon/ip-filter.html).
/etc/hosts.deny should have no effect on any applications running on the machine though. It will just deny service to one particular ip address.
Nope, in the case of tcp wrappers ALL just means every service that's been "wrapped", i.e., those services listed in inetd.conf that look like:
ftp     stream  tcp     nowait  root    /usr/sbin/tcpd  in.ftpd -l -a

The operative part is that the daemon inetd summons on a connect to that service is /usr/sbin/tcpd. It in turn checks hosts.deny and, if it's okay, passes the connection to the actual daemon (in.ftpd in this case).
How does that contradict what I said?
Because it doesn't "deny all attempted connections from this address". It only denies access from that machine to "wrapped" services. His "ads" service may well be a custom app listening on some UDP port for all we know (not under control of inetd and quite possibly not "wrappable").
Good point
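The thread leaves two practical steps implicit: confirming which remote address is behind the jump from 200 to 500 processes before blocking anything, and checking whether the service under attack is actually one that /etc/hosts.deny can protect (i.e. one started by inetd through /usr/sbin/tcpd). The following POSIX shell script is an added example, not code from the thread or from any of the posters. The netstat and inetd.conf lines it works on are constructed samples modelled on the Solaris column layouts (Local Address, Remote Address, Swind, Send-Q, Rwind, Recv-Q, State for netstat -an; service, socket type, protocol, wait, user, server, args for inetd.conf); on a live system you would pipe the real netstat -an output and /etc/inetd.conf into the same functions.

```shell
#!/bin/sh
# Added example: find the top remote talker in netstat output, check which
# inetd services are tcp-wrapped, and emit the hosts.deny line for a given IP.

# Constructed sample of `netstat -an` TCP lines (Solaris-style "addr.port").
# The proxy 100.100.100.100 holds four established connections to port 80.
sample_netstat() {
    cat <<'EOF'
10.0.0.5.80        100.100.100.100.51234 8192 0 8192 0 ESTABLISHED
10.0.0.5.80        100.100.100.100.51240 8192 0 8192 0 ESTABLISHED
10.0.0.5.80        100.100.100.100.51251 8192 0 8192 0 ESTABLISHED
10.0.0.5.80        100.100.100.100.51263 8192 0 8192 0 ESTABLISHED
10.0.0.5.80        198.51.100.7.40001    8192 0 8192 0 ESTABLISHED
10.0.0.5.80        198.51.100.7.40002    8192 0 8192 0 ESTABLISHED
10.0.0.5.80        192.0.2.10.33000      8192 0 8192 0 ESTABLISHED
10.0.0.5.80        192.0.2.10.33001      0    0 0    0 TIME_WAIT
EOF
}

# Constructed sample of /etc/inetd.conf: ftp and telnet go through tcpd,
# finger is started directly and so is NOT covered by hosts.deny.
sample_inetd() {
    cat <<'EOF'
# constructed inetd.conf excerpt
ftp     stream  tcp     nowait  root    /usr/sbin/tcpd  in.ftpd -l -a
telnet  stream  tcp     nowait  root    /usr/sbin/tcpd  in.telnetd
finger  stream  tcp     nowait  nobody  /usr/sbin/in.fingerd in.fingerd
EOF
}

# top_talkers [MIN]: read netstat lines on stdin, count ESTABLISHED
# connections per remote IP, print "count ip" (highest first) for every
# IP with at least MIN connections (default 1).
top_talkers() {
    min=${1:-1}
    awk -v min="$min" '
        $NF == "ESTABLISHED" {
            addr = $2                  # remote address.port (column 2)
            sub(/\.[0-9]+$/, "", addr) # strip the trailing port
            n[addr]++
        }
        END { for (a in n) if (n[a] >= min) printf "%d %s\n", n[a], a }
    ' | sort -rn
}

# wrapped_services: read inetd.conf on stdin, print the names of services
# whose server program is /usr/sbin/tcpd (the only ones hosts.deny affects).
wrapped_services() {
    awk '$1 !~ /^#/ && NF >= 6 && $6 == "/usr/sbin/tcpd" { print $1 }'
}

# deny_line IP: the /etc/hosts.deny entry that blocks IP from all wrapped services.
deny_line() {
    printf 'ALL:%s\n' "$1"
}

# Stand-alone usage: report talkers with 3+ connections, list wrapped
# services, and show the deny line for the busiest address.
if [ "${1:-}" = "--demo" ]; then
    echo "Remote IPs with 3 or more established connections:"
    sample_netstat | top_talkers 3
    echo "Services protected by /etc/hosts.deny:"
    sample_inetd | wrapped_services
    busiest=$(sample_netstat | top_talkers | head -n 1 | awk '{ print $2 }')
    echo "hosts.deny line for the busiest address:"
    deny_line "$busiest"
fi
```

Run it with `sh script.sh --demo`. If the service taking the hits (the "ads" app here) does not appear in the wrapped_services output, a hosts.deny entry will not help and the block has to happen in a packet filter such as ipfilter instead, which is the point made above.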

ASKER

I have blocked all the requests from that proxy IP,

and now my server load is quite okay....

Thanx guys