Linux - Security forum, LinuxQuestions.org
Just need some help on interpreting some network traffic data which was captured during a DDoS. It was mailed to me by a friend who runs the server, but perhaps a more learned interpretation would help my understanding of the situation.
Here are two screenshots:
I have limited knowledge on the subject, but at first glance it seems to me that the server is poorly configured, as such a low number of requests / such low traffic shouldn't have been able to bring the site down. Going on the data represented in the graphs, what conclusions could one draw on the efficiency of the server config to prevent such attacks in future? Is it indeed badly configured?
As a novice in such matters, any feedback would definitely help with my understanding of the subject.
Err, almost anything. It could be a DoS, it could be a DDoS (and given that the counter measures could be far simpler for a DoS, it is not merely an idle, semantic, distinction), it could be something to do with the site content (assuming that it has content - you haven't said whether it does, but it is a strong possibility), it could be anything that makes this content suddenly more popular, it could be a massively popular site mistakenly linking to your site.
As you seem to be unwilling to add the kind of evidence (any?) that has either persuaded you or could persuade someone else that this is a DDoS, is there really any point in carrying on with this thread?
Sorry for being so vague, salasi. The site does have content. I was told it was a very hard DDoS, but judging by the basic stats in the graphs I can't think it could have been that large an attack? I was just wanting to know what someone with expert knowledge or experience could make of the data in the graphs.
You don't use graphs to investigate possible DoS and DDoS activity. And you wouldn't believe how many people that visit the forums think they're under attack when it's something else entirely (as salasi mentioned above).
A simple search of these forums should help you a bit with using the proper tools and assessment of denial-of-service-like activity. Once that is done, supply some supporting information that isn't a chart. Do this and you'll be helping the people that want to help you investigate.
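To make concrete what "supporting information that isn't a chart" looks like, here is an added example (not code from anyone in this thread) that triages a web server access log in Apache/nginx combined format. It separates the cases salasi lists: one source hammering the site (plain DoS, where blocking a single IP is the obvious first step), many sources sending near-identical requests (DDoS-like), and a flood of visitors arriving through one Referer (a popular site linking to yours). The log lines below are constructed for illustration, and the thresholds in classify() are assumptions to be tuned per site, not established rules.

```python
"""Triage an access log for DoS / DDoS / flash-crowd patterns.

Added example for the thread above; assumes combined log format
(ip ident user [ts] "request" status size "referer" "user-agent").
"""
import re
import sys
from collections import Counter

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"$'
)


def parse_line(line):
    """Return a dict of fields for one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line.rstrip("\n"))
    if not m:
        return None
    d = m.groupdict()
    # "12/Mar/2012:10:00:00 +0000" -> drop the zone so requests bucket per second
    d["second"] = d["ts"].split()[0]
    return d


def summarize(lines, top=3):
    """Counts that actually support (or refute) a DoS claim: rate, sources, referers, agents."""
    recs = [r for r in (parse_line(l) for l in lines) if r]
    total = len(recs)
    by_sec = Counter(r["second"] for r in recs)
    by_ip = Counter(r["ip"] for r in recs)
    by_ref = Counter(r["ref"] for r in recs if r["ref"] not in ("-", ""))
    by_ua = Counter(r["ua"] for r in recs)
    by_req = Counter(r["req"] for r in recs)
    peak_second, peak_rps = by_sec.most_common(1)[0] if by_sec else (None, 0)
    top_ip_n = by_ip.most_common(1)[0][1] if by_ip else 0
    return {
        "total": total,
        "unparsed": len(lines) - total,
        "peak_rps": peak_rps,
        "peak_second": peak_second,
        "distinct_ips": len(by_ip),
        "top_ip_share": top_ip_n / total if total else 0.0,
        "top_ips": by_ip.most_common(top),
        "top_refs": by_ref.most_common(top),
        "top_uas": by_ua.most_common(top),
        "top_reqs": by_req.most_common(top),
    }


def classify(s):
    """Rough heuristic verdict; the 0.5 / 10 / 0.8 cut-offs are assumptions, tune them per site."""
    if s["total"] == 0:
        return "no data"
    if s["top_ip_share"] >= 0.5:
        return "single-source DoS: one IP dominates, block it first"
    if s["top_refs"] and s["top_refs"][0][1] / s["total"] >= 0.5:
        return "flash crowd: most traffic carries one Referer, likely a popular link rather than an attack"
    if s["distinct_ips"] >= 10 and s["top_uas"][0][1] / s["total"] >= 0.8:
        return "possible DDoS: many sources, near-identical user agents"
    return "inconclusive from the access log alone"


def _mk(ip, sec, path="/", ref="-", ua="Mozilla/5.0"):
    # Constructed sample line; timestamps all fall in one constructed minute.
    return f'{ip} - - [12/Mar/2012:10:00:{sec:02d} +0000] "GET {path} HTTP/1.1" 200 512 "{ref}" "{ua}"'


# Constructed samples (RFC 5737 documentation addresses, not real traffic).
SAMPLE_DOS = [_mk("203.0.113.5", i % 2, "/index.php") for i in range(40)] + \
             [_mk(f"198.51.100.{i}", i % 5, "/about") for i in range(8)]
SAMPLE_FLASH = [_mk(f"192.0.2.{i}", i % 10, "/post/42", ref="http://example.org/") for i in range(30)] + \
               [_mk(f"198.51.100.{i}", i % 5, "/about") for i in range(5)]
SAMPLE_DDOS = [_mk(f"192.0.2.{i}", i % 3, "/search?q=" + "a" * 40, ua="python-requests/2.0")
               for i in range(60)]


if __name__ == "__main__":
    # Usage: python triage.py /var/log/apache2/access.log  (or no argument for the samples)
    if len(sys.argv) > 1:
        with open(sys.argv[1], errors="replace") as fh:
            lines = fh.readlines()
        runs = [("logfile", lines)]
    else:
        runs = [("dos", SAMPLE_DOS), ("flash", SAMPLE_FLASH), ("ddos", SAMPLE_DDOS)]
    for name, lines in runs:
        s = summarize(lines)
        print(f"{name}: {s['total']} requests, peak {s['peak_rps']}/s at {s['peak_second']}, "
              f"{s['distinct_ips']} IPs, top IP share {s['top_ip_share']:.0%}")
        print("  top IPs:", s["top_ips"], "\n  top referers:", s["top_refs"])
        print("  verdict:", classify(s))
```

The point is that the peak requests-per-second figure, the number of distinct sources and the share held by the top source are the numbers a helper can reason about; a bandwidth graph alone cannot distinguish one abusive client from a thousand, nor an attack from a link on a busy site.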