ddos attack

A denial-of-service (DoS) attack or distributed denial-of-service (DDoS) attack is an attack in which a server's resources become unavailable to its intended users. There is one quick command you can use to check whether your server is under a DDoS attack:

    netstat -anp | grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

This command lists the IPs connected to your server together with the number of connections from each, sorted so that the IPs with the most connections come last. Remember that DDoS attacks are becoming more complex: attackers are using fewer connections per IP, spread across a larger number of attacking IPs. In such cases you will see a small number of connections per IP even when your server is under a DDoS attack.

One important thing to check is the number of active connections your server currently has:

    netstat -n | grep :80 | wc -l

The above command shows the number of active connections open to your server on port 80.

    netstat -n | grep :80 | grep SYN | wc -l

Many attackers start an attack by opening a connection to the server and then never sending a reply, which makes the server wait until the connection times out. The second command counts connections in that SYN state.

The result of the first command will vary, but if it shows more than 500 connections you will definitely be having problems. If the result of the second command is 100 or above, you are having problems with a SYN attack.

You can also block a particular IP on your server with the following command:

    route add ipaddress reject

For example:

    route add 115.98.0.55 reject

Once you have blocked a particular IP on the server, you can cross-check whether it is blocked with the following command:

    route -n | grep IPaddress

You can also block an IP with iptables. Use either DROP or REJECT as the target, and save the rule set before restarting so that the restart reloads it:

    iptables -I INPUT 1 -s IPADDRESS -j DROP
    service iptables save
    service iptables restart

After running the above commands, kill all httpd connections and then restart the httpd service:

    killall -KILL httpd
    service httpd startssl

In this way you can check whether your Linux server is under a DDoS attack.
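A stricter take on the netstat counts above, as an added example that is not part of the original post: it matches the local port exactly, counts only SYN_RECV, and keeps IPv6 peers intact. The function names, the SYN_MAX and CONN_MAX overrides and the sample netstat lines are constructed for this example.

```bash
#!/usr/bin/env bash
# Added example: stricter forms of the netstat counts, run on constructed data.

# Constructed `netstat -ant` lines (documentation-range addresses, not real traffic).
sample_netstat() {
cat <<'EOF'
tcp        0      0 0.0.0.0:80          0.0.0.0:*             LISTEN
tcp        0      0 192.0.2.10:80       198.51.100.7:51000    ESTABLISHED
tcp        0      0 192.0.2.10:80       198.51.100.7:51001    ESTABLISHED
tcp        0      0 192.0.2.10:80       198.51.100.7:51002    SYN_RECV
tcp        0      0 192.0.2.10:80       203.0.113.9:40000     SYN_RECV
tcp        0      0 192.0.2.10:8080     203.0.113.9:40001     ESTABLISHED
tcp        0      0 192.0.2.10:22       203.0.113.50:80       ESTABLISHED
tcp        0      1 192.0.2.10:45000    203.0.113.80:8000     SYN_SENT
tcp6       0      0 2001:db8::10:80     2001:db8::beef:52000  ESTABLISHED
EOF
}

# Lines whose LOCAL port is exactly $1 (default 80), listeners excluded.
# A bare `grep :80` also counts :8080, :8000 and remote-side port 80.
port_conns() {
  awk -v p="${1:-80}" '$1 ~ /^tcp/ && $6 != "LISTEN" {
    n = split($4, a, ":"); if (a[n] == p) print }'
}

# Half-open inbound connections only (SYN_RECV), not our own outbound SYN_SENT.
syn_recv_count() { port_conns "$1" | awk '$6 == "SYN_RECV"' | wc -l | tr -d ' '; }

# Connections per remote address, busiest last. Only the text after the LAST
# colon is removed, so IPv6 peers are not truncated as with `cut -d: -f1`.
per_ip() {
  port_conns "$1" | awk '{ sub(/:[^:]*$/, "", $5); print $5 }' | sort | uniq -c | sort -n
}

# Apply the page's rule-of-thumb limits: more than 500 active, 100 or more SYN.
assess() {
  local data total syn
  data=$(cat)
  total=$(printf '%s\n' "$data" | port_conns 80 | wc -l | tr -d ' ')
  syn=$(printf '%s\n' "$data" | syn_recv_count 80)
  if [ "$syn" -ge "${SYN_MAX:-100}" ]; then echo "syn-flood-suspected"
  elif [ "$total" -gt "${CONN_MAX:-500}" ]; then echo "high-connection-count"
  else echo "ok"; fi
}

echo "naive grep :80 = $(sample_netstat | grep -c ':80'), exact local port 80 = $(sample_netstat | port_conns 80 | wc -l | tr -d ' ')"
sample_netstat | per_ip 80
echo "verdict: $(sample_netstat | assess)"
```

On a live server, replace `sample_netstat` with `netstat -ant`.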
