LinuxQuestions.org
Old 10-06-2012, 05:53 AM   #1
SamiMukahhal
LQ Newbie
 
Registered: Oct 2012
Posts: 1

Track DDOS


I'm getting heavily DDoSed.
I can't even enter SSH while I'm getting DDoSed.
Everything just locks.
Each and every Google search, more than 200+ of them, says to type in the netstat command and check the number of connections from each IP to block it.
During a real-time DDoS I'm not able to enter SSH.

I was wondering if I could check logs somewhere or something and track down the IP that is DoSing me.

Can anyone please help or assist me with what to do?

Does var/logs/iptables.log have anything to do with this?

Help is highly appreciated, I want to know the DoSer.
 
Old 10-06-2012, 07:11 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,273
Blog Entries: 54

Quote:
Originally Posted by SamiMukahhal View Post
I'm getting heavily DDoSed. (..) I was wondering if I could check logs somewhere or something and track down the IP that is DoSing me. (..) I want to know the DoSer
The most important thing to know about mitigating a DoS or DDoS situation is that you cannot solve this on your own. Sure, there are things you could do to mitigate the situation, from rate limiting traffic to shutting down publicly accessible services, but in the end there is only so much an endpoint can accomplish on its own: you require the cooperation of your hosting provider to block traffic at their border until the threat passes.
 
Old 10-07-2012, 09:29 AM   #3
Noway2
Senior Member
 
Registered: Jul 2007
Distribution: Ubuntu 10.10, Slackware 64-current
Posts: 2,124

I would also add that when one is getting DDoSed there is usually a reason for it, as in you have done something to attract unwanted attention. Based upon the threads on this subject that I've seen in this forum over the past couple of years, the most common cause is running a game server. You haven't given much in the way of detail regarding your situation, but as unSpawn correctly pointed out, it is pretty much immaterial, as you will need to address this upstream of your server.
 
Old 10-07-2012, 01:40 PM   #4
okcomputer44
Member
 
Registered: Jun 2008
Location: /home/laz
Distribution: CentOS/Debian
Posts: 241

Hi,

pfSense could be a solution in some cases.
If you have a spare machine with a strong CPU and 1GB RAM, that would do the trick for you.

Basically, when you get the attack, the attacker computers don't care about the SYN packets.
And your system tries to answer all the new packets; that is why your box dies, because it wants to reply to IP addresses which are actually fake.

If you had a pfSense firewall in front of your box, then pfSense would drop the packets if there are no open ports to SYN back to or the IPs are faked.
One of my colleagues tested it with 150K packets/sec and they still had fine replies from the pfSense box and had the console too.

Of course it won't work in some cases, but in some this would help you.
Unfortunately the pfSense firewall's kernel is not fine-tuned to work well on virtual machines.
You can install it on VMware or KVM, but the CPU usage will be high all the time; however, you could test it at least to see how it works. If you use a virtual machine, choose the FreeBSD system type, because pfSense is based on FreeBSD.

Laz
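Editor's note, added to this thread and not part of any post above: the original poster asks whether the firewall log can be used after the fact to find the source, and post #4 explains why a spoofed SYN flood has no single source worth finding. The script below illustrates both points on a constructed sample. Two caveats that apply to the asker's situation: the kernel only writes these lines if an iptables rule with `-j LOG` exists (dropped packets are not logged by default), and they land in whatever file the syslog daemon routes kernel messages to (typically /var/log/kern.log or /var/log/messages; a file named iptables.log exists only if rsyslog/syslog-ng was configured to create it). The `IPT-IN:` prefix in the sample is an assumed `--log-prefix`; the sample addresses are documentation and benchmark ranges, not real hosts. The `top_sources` count is the same per-IP aggregation the netstat one-liners do, but over the log so it can be run once the box is reachable again, and `syn_flood_profile` reports the spoofed-flood signature from post #4: mostly bare SYNs from sources that each appear once, which means blocking addresses one by one will not help.

```python
"""Summarise iptables LOG lines after the fact: who sent the most packets, and
whether the flood looks like spoofed SYNs that no per-IP block will stop.
Added example; the sample log below is constructed, not taken from the thread."""
import re
from collections import Counter

# Constructed lines in the format the iptables LOG target writes. The
# "IPT-IN:" prefix is an assumed --log-prefix; addresses are from the
# documentation (192.0.2/203.0.113/198.51.100) and benchmark (198.18/15) ranges.
SAMPLE_LOG = """\
Oct  6 05:40:01 host kernel: [123.1] IPT-IN: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.2 LEN=40 PROTO=TCP SPT=4411 DPT=80 WINDOW=1024 SYN URGP=0
Oct  6 05:40:01 host kernel: [123.2] IPT-IN: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.2 LEN=40 PROTO=TCP SPT=4412 DPT=80 WINDOW=1024 SYN URGP=0
Oct  6 05:40:01 host kernel: [123.3] IPT-IN: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.2 LEN=40 PROTO=TCP SPT=4413 DPT=80 WINDOW=1024 SYN URGP=0
Oct  6 05:40:02 host kernel: [123.4] IPT-IN: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.2 LEN=52 PROTO=TCP SPT=50321 DPT=22 WINDOW=2048 ACK URGP=0
Oct  6 05:40:02 host kernel: [123.5] IPT-IN: IN=eth0 OUT= SRC=198.18.4.77 DST=198.51.100.2 LEN=40 PROTO=TCP SPT=1111 DPT=80 WINDOW=0 SYN URGP=0
Oct  6 05:40:02 host kernel: [123.6] IPT-IN: IN=eth0 OUT= SRC=198.18.9.3 DST=198.51.100.2 LEN=40 PROTO=TCP SPT=2222 DPT=80 WINDOW=0 SYN URGP=0
Oct  6 05:40:02 host kernel: [123.7] IPT-IN: IN=eth0 OUT= SRC=198.18.200.1 DST=198.51.100.2 LEN=40 PROTO=TCP SPT=3333 DPT=80 WINDOW=0 SYN URGP=0
Oct  6 05:40:03 host kernel: [123.8] IPT-IN: IN=eth0 OUT= SRC=198.18.77.5 DST=198.51.100.2 LEN=40 PROTO=TCP SPT=4444 DPT=80 WINDOW=0 SYN URGP=0
Oct  6 05:40:03 host kernel: [123.9] IPT-IN: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.2 LEN=52 PROTO=TCP SPT=50321 DPT=22 WINDOW=2048 ACK URGP=0
"""

TCP_FLAGS = ("SYN", "ACK", "FIN", "RST", "PSH", "URG")
FIELD_RE = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S*)")


def parse_log(text):
    """Return one dict per iptables LOG line; lines without SRC= are skipped."""
    records = []
    for line in text.splitlines():
        fields = dict(FIELD_RE.findall(line))
        if "SRC" not in fields:
            continue  # not a firewall log line (other kernel messages, etc.)
        # The LOG target prints set TCP flags as bare words, e.g. "SYN" or "SYN ACK".
        # \b keeps "URG" from matching the "URGP=" field.
        fields["flags"] = frozenset(
            f for f in TCP_FLAGS if re.search(r"\b%s\b" % f, line))
        records.append(fields)
    return records


def top_sources(records, n=10):
    """Packets per source address, most active first: the same aggregation the
    netstat one-liners do, but over the log instead of live connections."""
    return Counter(r["SRC"] for r in records).most_common(n)


def syn_flood_profile(records):
    """How much of the traffic is bare SYNs, and how spread out their sources
    are. A spoofed flood shows up as many sources that each send one SYN."""
    total = len(records)
    syn_only = [r for r in records
                if r.get("PROTO") == "TCP" and r["flags"] == {"SYN"}]
    per_src = Counter(r["SRC"] for r in syn_only)
    single_shot = sum(1 for c in per_src.values() if c == 1)
    syn_share = len(syn_only) / total if total else 0.0
    spread = single_shot / len(per_src) if per_src else 0.0
    return {
        "total": total,
        "syn_only": len(syn_only),
        "distinct_syn_sources": len(per_src),
        "single_shot_sources": single_shot,
        # Thresholds are an assumption chosen for illustration, not a standard.
        "spoofed_likely": syn_share >= 0.5 and spread >= 0.5,
    }


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for src, count in top_sources(recs, 5):
        print(f"{count:6d}  {src}")
    print(syn_flood_profile(recs))
```

On the sample, 203.0.113.7 tops the per-IP list with three packets and would be the address the netstat advice tells you to block, yet four of the five SYN-sending addresses appear exactly once, so the profile flags the traffic as likely spoofed. Against real data, feed it the kernel log (`python3 summarise.py < /var/log/kern.log`, after swapping `SAMPLE_LOG` for `sys.stdin.read()`), and treat a high single-shot fraction as the cue to take the numbers to the hosting provider rather than to the firewall, as unSpawn says.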
 