Count connections per remote IP in a given state (busiest IPs at the bottom). The awk program belongs inside the quotes; the original {'print $5'} only works by accident of shell quote removal.
netstat -plan | grep TIME_WAIT | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -nk1
netstat -plan | grep SYN_RECV | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -nk1
Note: cut -d: -f1 only works for IPv4 addresses; an IPv6 foreign address contains colons itself, so strip the trailing :port instead (sed 's/:[0-9]*$//') if the box has v6 traffic.
Commands to block an offending IP
A null route rejects every packet the kernel would send back to that host, so the connection can never complete (the inbound packets still arrive, so it is a crude block):
route add -host 67.101.47.224 reject
An iptables DROP on the INPUT chain discards the inbound packets before they reach the service. Use -I (insert at the top) rather than -A so the rule is evaluated before any ACCEPT rule already in the chain:
iptables -I INPUT -s 61.58.29.77 -j DROP
If APF (Advanced Policy Firewall) is installed, deny the address through it instead so the block survives an APF reload:
apf -d IP
Either way the IP is denied. Keep in mind that a SYN flood usually comes from spoofed source addresses, so per-IP blocking helps against an abusive client or a small botnet, not against a real flood; for that see the syncookies setting below.
A few more commands
Windows equivalent (list all TCP sockets; netstat -ano adds the owning PID):
netstat -a | find "TCP"
Identifying a SYN attack
====================
Symptoms: load becomes very inconsistent and sites stop responding while httpd is still running.
netstat -an | grep SYN (a long list of SYN_RECV entries means many half-open connections; the state is spelled SYN_RECV on Linux, not SYN_REC)
netstat -n -p | grep SYN_RECV | wc -l (gives the number of half-open connections, which is the size of the SYN backlog in use, not the number of attackers)
Also check the access logs: if one particular IP is responsible for most of the requests, that IP can be blocked.
Then you can add the rules below. The seven --tcp-flags rules drop malformed packets (NULL, XMAS and other impossible flag combinations used by scanners); they do not stop a flood of well-formed SYNs. The real SYN-flood mitigation is the syncookies line.
====================
iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
iptables -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
iptables -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
iptables -A INPUT -p tcp --tcp-flags FIN,RST FIN,RST -j DROP
iptables -A INPUT -p tcp --tcp-flags ACK,FIN FIN -j DROP
iptables -A INPUT -p tcp --tcp-flags ACK,PSH PSH -j DROP
iptables -A INPUT -p tcp --tcp-flags ACK,URG URG -j DROP
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
This takes effect immediately but is lost on reboot; add net.ipv4.tcp_syncookies = 1 to /etc/sysctl.conf (and run sysctl -p) to make it permanent.
==============================
netstat -an | grep SYN | more
iptables -A INPUT -s IP -j DROP
iptables -A INPUT -s 168.75.16.116 -j DROP
Rules added with -A go to the end of the chain, so they only work if nothing earlier in INPUT accepts the traffic; -I puts them first. There is no "iptables restart" command: on CentOS/RHEL save the running rules with service iptables save so they survive a service iptables restart or a reboot, otherwise the restart wipes what you just added.
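The detection and blocking steps above, combined into one script. This is an added example, not part of the original post: it reads netstat -plan output from stdin, counts remote IPs per TCP state (stripping the port in a way that also works for IPv6 addresses), and prints the matching iptables DROP rules for any IP over a threshold. The netstat lines embedded in SAMPLE_NETSTAT are constructed for the demo; the 50-connection threshold in the usage line is an assumption to tune per server.

```shell
#!/bin/sh
# Added example (not from the original post). Parse `netstat -plan` output and
# turn the busiest remote IPs in a given TCP state into iptables DROP rules.

# Constructed sample of `netstat -plan` output. Fields are:
# Proto Recv-Q Send-Q Local-Address Foreign-Address State PID/Program
SAMPLE_NETSTAT='tcp        0      0 10.0.0.5:80     198.51.100.7:51234   SYN_RECV    -
tcp        0      0 10.0.0.5:80     198.51.100.7:51235   SYN_RECV    -
tcp        0      0 10.0.0.5:80     198.51.100.7:51236   SYN_RECV    -
tcp        0      0 10.0.0.5:80     203.0.113.9:40001    SYN_RECV    -
tcp        0      0 10.0.0.5:80     192.0.2.44:33000     ESTABLISHED 1234/httpd
tcp        0      0 10.0.0.5:80     192.0.2.44:33001     TIME_WAIT   -
tcp        0      0 10.0.0.5:22     192.0.2.10:50000     ESTABLISHED 999/sshd'

# count_by_state STATE: read netstat output on stdin, print "count ip" for
# every remote IP with a connection in STATE, least busy first (busiest last,
# like the post's `sort -nk1`). The port is removed with sed rather than
# `cut -d:` so IPv6 foreign addresses (which contain colons) stay intact.
count_by_state() {
    awk -v st="$1" '$1 ~ /^tcp/ && $6 == st { print $5 }' \
      | sed 's/:[0-9]*$//' \
      | sort | uniq -c | sort -n \
      | awk '{ print $1, $2 }'
}

# syn_recv_count: number of half-open connections (the SYN backlog in use).
syn_recv_count() {
    awk '$1 ~ /^tcp/ && $6 == "SYN_RECV"' | wc -l | tr -d ' '
}

# drop_rules_for STATE THRESHOLD: emit an `iptables -I INPUT ... -j DROP` line
# for every remote IP that has at least THRESHOLD connections in STATE.
# -I (insert) is used so the rule lands ahead of any existing ACCEPT rule.
drop_rules_for() {
    count_by_state "$1" \
      | awk -v t="$2" '$1 >= t { printf "iptables -I INPUT -s %s -j DROP\n", $2 }'
}

# Stand-alone demo on the constructed sample:
printf '%s\n' "$SAMPLE_NETSTAT" | count_by_state SYN_RECV
printf '%s\n' "$SAMPLE_NETSTAT" | syn_recv_count
printf '%s\n' "$SAMPLE_NETSTAT" | drop_rules_for SYN_RECV 3
# On a live server (threshold of 50 is an assumption; review before piping to sh):
#   netstat -plan | drop_rules_for SYN_RECV 50
```

Review the generated rules before executing them: a legitimate proxy or NAT gateway can easily hold dozens of connections, and against a spoofed SYN flood the listed source addresses are meaningless, so the syncookies setting is the fix there rather than a pile of per-IP DROPs.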
Look for these lines in your /etc/httpd/conf/httpd.conf:
code:--------------------------------------------------------------------------------
# KeepAlive: Whether or not to allow persistent connections (more than
# one request per connection).
KeepAlive On
# MaxKeepAliveRequests: The maximum number of requests to allow
# during a persistent connection.
MaxKeepAliveRequests 100
# KeepAliveTimeout: Number of seconds to wait for the next request from the
# same client on the same connection.
KeepAliveTimeout 15
--------------------------------------------------------------------------------
Change KeepAlive On to KeepAlive Off with your favourite text editor and restart httpd. With keep-alive off, each httpd worker is released as soon as it has answered a request instead of sitting idle for up to KeepAliveTimeout seconds, so a prefork server runs out of workers much later. Lowering KeepAliveTimeout to 2 or 3 seconds is a middle ground that keeps the benefit for real browsers.
That should bring the load back down; if it does not, you are probably the target of a DoS attack rather than simply short of workers.
======================================================
echo 90 > /proc/sys/net/ipv4/tcp_keepalive_time
======================================================
This is the kernel TCP keepalive interval (seconds of idleness before the kernel starts probing a silent peer, default 7200), not the Apache KeepAlive setting above. A lower value lets the kernel notice and tear down dead connections sooner, so idle sockets from clients that vanished are reclaimed faster; like the syncookies echo it is lost on reboot unless set in /etc/sysctl.conf.