Trying to drop a DDoS attack using TTL and Length in iptables July 18th, 2011
Considering that there is a fairly large number of DDoS attacks going around, and not many free tools available to counter them at the server level, everyone tries to make the best of what they have, so why not use iptables if you are on a Unix server.
While looking for an easy way to stop a DDoS attack that does not involve PHP or similar scripts, I ended up learning something about iptables: it is fairly simple to use the TTL and length of packets to stop an attack, or at least bring it down to a reasonable level. This does not work every time, but it worked pretty well the last two times, and that is because of the bots being used to run the attack.
First we should try to find a few of the IPs being used to attack the server, which can easily be done with netstat:
```sh
# Count established connections to port 80 per remote address
netstat -tn --inet 2>/dev/null | grep ":80" | \
awk '/tcp[\ ]*[0-9]+[\ ]*[0-9]+[\ ]+[^\ ]+[\ ]*[^\ ]*/ {print $5}' | \
cut -d":" -f1 | sort | uniq -c | sort -n
```
or, more simply:
```sh
# Same idea over all TCP/UDP connections, remote IP in column 5
netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
```
The IPs with a high connection count (e.g. over 150) can be considered part of the attack, although a high-intensity attack will show you IPs with over 600-700 connections.
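As an added example (not code from the post), the same per-IP connection count as a small script run over a constructed netstat sample, with exact matching of the local port and remote addresses stripped in a way that also works for IPv6; the sample addresses and the threshold used in the demo are assumptions.

```sh
#!/bin/sh
# Added example (not from the post): count connections per remote IP from
# netstat output and flag the heavy hitters, like the post's one-liner, but
# without its two weak spots: grep ":80" also matches :8080 and IPv6 peers,
# and cut -d: -f1 truncates IPv6 addresses.
# The sample below is constructed for the demo; it is not real captured output.

SAMPLE_NETSTAT='Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:80           198.51.100.7:51234      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:51235      ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.5:40001       ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:51236      SYN_RECV
tcp        0      0 192.0.2.10:8080         203.0.113.5:40002       ESTABLISHED
tcp        0      0 192.0.2.10:22           203.0.113.9:33000       ESTABLISHED
tcp6       0      0 2001:db8::10:80         2001:db8:1::7:44000     ESTABLISHED
udp        0      0 192.0.2.10:53           203.0.113.5:12345       ESTABLISHED'

# Read netstat -ntu style output on stdin; print "count ip" for every remote
# IP that has a connection to local port $1, lowest count first.
count_conns_for_port() {
    awk -v port="$1" '
        # match the local port exactly (":80" at end of field, so :8080 is excluded)
        $4 ~ (":" port "$") {
            ip = $5
            sub(/:[0-9]+$/, "", ip)   # drop the remote port; safe for IPv6 too
            n[ip]++
        }
        END { for (ip in n) print n[ip], ip }
    ' | sort -n
}

# Print only the remote IPs with more than $2 connections to local port $1.
# The post suggests about 150 as a starting threshold on a busy web server.
flag_heavy_clients() {
    count_conns_for_port "$1" | awk -v t="$2" '$1 > t'
}

# Demo on the constructed sample; on a live host pipe in: netstat -ntu
printf '%s\n' "$SAMPLE_NETSTAT" | flag_heavy_clients 80 2
```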
20 Linux System Monitoring Tools Every SysAdmin Should Know February 18th, 2010
Need to monitor Linux server performance? Try these built-in commands and a few add-on tools. Most Linux distributions ship with plenty of monitoring tools. These tools provide metrics that can be used to get information about system activity, and you can use them to find the possible causes of a performance problem. The commands discussed below are some of the most basic commands for system analysis and for debugging server issues such as:
- Finding out bottlenecks.
- Disk (storage) bottlenecks.
- CPU and memory bottlenecks.
- Network bottlenecks.
#1: top – Process Activity Command
The top program provides a dynamic real-time view of a running system i.e. actual process activity. By default, it displays the most CPU-intensive tasks running on the server and updates the list every five seconds.
Commonly Used Hot Keys
The top command provides several useful hot keys:
| Hot Key | Usage |
|---|---|
| t | Toggles summary information on and off. |
| m | Toggles memory information on and off. |
| A | Sorts the display by top consumers of various system resources. Useful for quick identification of performance-hungry tasks on a system. |
| f | Enters an interactive configuration screen for top. Helpful for setting up top for a specific task. |
| o | Enables you to interactively select the ordering within top. |
| r | Issues renice command. |
| k | Issues kill command. |
| z | Turns color/mono mode on or off. |
#2: vmstat – System Activity, Hardware and System Information
The command vmstat reports information about processes, memory, paging, block IO, traps, and cpu activity.
```sh
# Report every 3 seconds until interrupted
vmstat 3
```
Sample output:
```
procs -----------memory---------- ---swap-- -----io---- --system-- -----cpu------
 r  b   swpd    free   buff   cache   si   so    bi    bo   in   cs us sy id wa st
 0  0      0 2540988 522188 5130400    0    0     2    32    4    2  4  1 96  0  0
 1  0      0 2540988 522188 5130400    0    0     0   720 1199  665  1  0 99  0  0
 0  0      0 2540956 522188 5130400    0    0     0     0 1151 1569  4  1 95  0  0
 0  0      0 2540956 522188 5130500    0    0     0     6 1117  439  1  0 99  0  0
 0  0      0 2540940 522188 5130512    0    0     0   536 1189  932  1  0 98  0  0
 0  0      0 2538444 522188 5130588    0    0     0     0 1187 1417  4  1 96  0  0
 0  0      0 2490060 522188 5130640    0    0     0    18 1253 1123  5  1 94  0  0
```
Display Memory Utilization Slabinfo
```sh
# Display slabinfo (kernel slab cache usage)
vmstat -m
```
Posted in linux, Networking