Proteccion de un DDOS Ataque - Foro Support - Manuales tecnicos


No announcement yet.

Proteccion de un DDOS Ataque

  • Filter
  • Time
  • Show
Clear All
new posts

  • Proteccion de un DDOS Ataque

    Proteccion de un DDOS Ataque

    Here is a command line to run on your server if you think your server is under attack. It prints our a list of open connections to your server and sorts them by ammount.
    RedHat: netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
    BSD: netstat -na |awk '{print $5}' |cut -d "." -f1,2,3,4 |sort |uniq -c |sort -n

    You can also check for connections by running the following command.
    netstat -plan | grep :80 | awk '{print $4 }' | sort -n | uniq -c | sort
    These are few step to be taken when you feel the server is under attack:
    Step 1: Check the load using the command "w".
    Step 2: Check which service is utilizing maximum CPU by "nice top".
    Step 3: Check which IP is taking maximum connection by netstat -anpl|grep :80|awk {'print $5'}|cut -d":" -f1|sort|uniq -c|sort -n
    Step 4: Then block the IP using firewall (APF or iptables "apf -d < IP>" )
    You can also implement security features in your server like:
    1) Install apache modules like mod_dosevasive and mod_security in your server.
    2) Configure APF and IPTABLES to reduce the DDOS
    3) Basic server securing steps :
    Secure Your Linux Server - O'Reilly Media
    4) Configure sysctl parameters in your server to drop attacks.
    You can block the IP which is attacking your server using Ipsec from command prompt.
    >> netsh ipsec static add filterlist name=myfilterlist
    >> netsh ipsec static add filter filterlist=myfilterlist srcaddr=a.b.c.d dstaddr=Me
    >> netsh ipsec static add filteraction name=myaction action=block
    >> netsh ipsec static add policy name=mypolicy assign=yes
    >> netsh ipsec static add rule name=myrule policy=mypolicy filterlist=myfilterlist filteraction=myaction