LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 06-04-2006, 08:24 AM   #1
crime
LQ Newbie
 
Registered: Apr 2006
Posts: 11

Rep: Reputation: 0
Looking for a great ddos/attack protection.


Hello.

I have some Linux Redhat FC3 Servers. But they're getting a lot of attacks such as DDOS and something like it. I couldn't find a real solution yet, but i want to block attacker's IPs using firewall.

But i dont know how to detect attackers IPs. Is there something which can log IPs of attackers.

Thanks.
 
Old 06-04-2006, 03:41 PM   #2
b0nd
Senior Member
 
Registered: Jan 2005
Distribution: Slackware, BackTrack, Windows XP
Posts: 1,020

Rep: Reputation: 45
Quote:
Originally Posted by crime
Hello.

I have some Linux Redhat FC3 Servers. But they're getting a lot of attacks such as DDOS and something like it. I couldn't find a real solution yet, but i want to block attacker's IPs using firewall.

But i dont know how to detect attackers IPs. Is there something which can log IPs of attackers.

Thanks.
Hi,
Do you think the attacker is launching attack from one or two machines only ???
DOS attacks are no more effective.
They must be launching DDos attack and in that case they use lots of machine (already hacked) to attack the new machine.
Its hard to have their IP's b'coz there attack won't be completing the 3-way-handshake.
Two steps could be followed to cope up with this problem.

1. reduce the time period for which your machine waits for the completion of connection with other machines.
2. increase the 'queue' size so that your machine can have big buffer to store information of the new connections (which are half competed).

I don't know how to do the above mentioned things.....use google for that.

regards
 
Old 06-07-2006, 11:18 PM   #3
soulestream
Member
 
Registered: Nov 2005
Posts: 183

Rep: Reputation: 30
Quote:
lot of attacks such as DDOS and something like it.
You might want to explain this question a little better. Why do the servers have ports open to the internet? WebServers? You need to check you access logs.

What makes you think you are getting DDOS'd?

If you are getting DDoS'd you need to call your ISP. You can drop packets at your router/firewall, but that will still kill your bandwidth.


Soule
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
DDOS attack WebProblem GNU Linux - Security 15 02-09-2005 10:28 PM
ddos or hacked? Please help!! lucastic Linux - Security 8 12-16-2004 08:56 PM
Ddos Mag|c Linux - Security 2 08-16-2003 10:41 PM
sourcecode for attack protection in linux jw.pi Linux - Networking 2 06-25-2001 01:46 PM
ddos attack ashis Linux - Security 1 06-14-2001 03:31 AM


All times are GMT -5. The time now is 04:14 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration