Cool Dba

  • Home
  • Sql tricks
  • Security
  • Maintainance
  • Backups
  • Recovery
  • Replication
  • Installation
  • Linux

Sunday, May 29, 2016

Finding and preventing ddos attack on Linux Server

 Anil Joshi     11:15 PM     Linux, Security     No comments   


A distributed denial-of-service (DDoS) attack occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers. Such an attack is often the result of multiple compromised systems flooding the targeted system with traffic.A denial-of-service (DoS) attack is an attempt to make a machine or network resource unavailable to its intended users, such as to temporarily or indefinitely interrupt or suspend services of a host connected to the Internet.

check ddos attack

netstat -anp|grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort –n

This command will show you the list of IP's which have logged in is maximum number of connections to your server.

ddos becomes more complex as attackers  use fewer connections with more number of attacking IP's.In such cases, you should get less number of connections even when your server is under ddos.One important thing that you should check is the number of active connections that your server currently has by executing below command:

netstat -n | grep :80 |wc –l

netstat -n  | grep :80 | grep SYN |wc –l

Result of active connections from the first command will vary but if it shows connections more than 500, then you will be definitely having problems. If the result after you fire second command is 100 or above then you are having problems with sync attack.
This command is useful to find out how many active SYNC_REC are occurring on the server. The number should be pretty low, preferably less than 5. On DoS attack incidents or mail bombs, the number can jump to pretty high. However, the value always depends on system, so a high value may be average on another server.

netstat -n -p|grep SYN_REC | wc -l

netstat -n -p | grep SYN_REC | sort -u

Once you find the ip attacking your server, you can easily block it.Fire the following command to block that ip or any other specific ip:

check ip blocked or not by using the following command:

route -n |grep IPaddress

You can also block a IP with iptables on the server by using the following command.

iptables -A INPUT 1 -s IPADRESS -j DROP/REJECT

service iptables restart

service iptables save

After firing the above command, KILL all httpd connection and than restart httpd service by
using following command:

killall -KILL httpd

service httpd startssl


  • Share This:  
  •  Facebook
  •  Twitter
  •  Google+
  •  Stumble
  •  Digg
Email ThisBlogThis!Share to XShare to Facebook
Newer Post Older Post Home

0 comments:

Post a Comment

Deals on Amazon

Mobiles on Amazon

About Me

My photo
Anil Joshi
New Delhi, Delhi, India
I am a simple man with little knowledge of computer software and Tehnology.
View my complete profile

Popular Posts

  • SELinux mechanism in linux environment.
    Security-Enhanced Linux (SELinux) is a mandatory access control (MAC) security mechanism implemented in the kernel. SELinux was first ...
  • Complete uninstallation of Mysql Server on centos
    Step 1: Check list the mysql rpm which is installed on server rpm -qa | grep mysql or yum list installed | grep mysql Step 2 : Re...
  • Finding and preventing ddos attack on Linux Server
    A distributed denial-of-service (DDoS) attack occurs when multiple systems flood the bandwidth or resources of a targeted system, usual...
  • Mysql Security
    Improved  MySQL Database Se curity 1. Secure your server Many known attacks are possible only once physical access to a machi...
  • Dual Master Replication(Master-Master)
    MySQL replication is the most flexible way to deal with scalability and availability. The most common problem with replication is ...
  • Tracing the execution of processes using strace
    Strace is quite simply a tool that traces the execution of system calls. It can trace the execution of a binary from start to end, and ou...
  • Check and Repair Mysql Tables
      Check a Specific Table in a Database If your application throws an error message saying that a specific table is corrupted, exe...
  • Simple bash script's for managing mysql
    1. Monitoring replication health #!/bin/bash sql_thread_running=$(mysql -e "show slave status\G" | awk -F":" ...
  • Mysql Installation using rpm package
        1.Download the required rpm filess MySQL-client-community-5.1.25-0.rhel5.i386.rpm MySQL-server-community-5.1.25-0.rhel5.i386....
  • Running select statement inside an update query
    Running select statement inside an update query You could use a non-correlated subquery to do the work for you: 1.  UPDATE tbl_1 d...
Best Shoes on amazon

Categories

  • Backups
  • Database Maintainance
  • Installation
  • Linux
  • Mysql
  • Recovery
  • Replication
  • Scripts
  • Security
  • SELinux
  • sql tricks
  • Strace

Pages

  • Home

Blog Archive

  • ▼  2016 (19)
    • ►  June (1)
    • ▼  May (18)
      • Finding and preventing ddos attack on Linux Server
      • Tracing the execution of processes using strace
      • SELinux mechanism in linux environment.
      • Simple bash script's for managing mysql
      • Running multiple mysql instance on single server(C...
      • Mysql Installation using rpm package
      • Check and Repair Mysql Tables
      • Dual Master Replication(Master-Master)
      • Filter Replication Variables
      • Master-Slave Replication without downtime
      • How to Export and Import files in Mysql
      • Recovering InnoDB MySQL Tables Data from ibdata ...
      • Check Database Size,Compare tables & column Differ...
      • Store Procedure & Views Backups
      • Mysql Security
      • MySQL Restart Failed
      • Running select statement inside an update query
      • Mass Killing Mysql Process

Sample Text

Copyright © Cool Dba | Powered by Blogger
Design by Hardeep Asrani | Blogger Theme by NewBloggerThemes.com | Distributed By Gooyaabi Templates