DZone Snippets is a public source code repository. Easily build up your personal collection of code snippets, categorize them with tags / keywords, and share them with the world

Snippets Manager

Snippets has posted 5883 posts at DZone. View Full User Profile

Looking Into DOS And DDOS Attacks

01.21.2006

| 1963 views |

        <a href="http://etechsupport.net/forum/showthread.php?t=434">A good guide to what to do when your server is attacked</a>.

top -d2
netstat -nap | grep SYN | wc -l
netstat -nap | less


If there are many httpd processes showing up after step 1, you might be under attack. If you get high numbers for the second one, you are almost definitely under attack. Use the third one to see the IP addresses, and then ban them from the server:

iptables -A INPUT -s ip.address -j DROP


Also try the following for fixing stuff:

cd /dev/shm
ls


And delete anything that's not supposed to be there.

locate bindz
locate botnet.txt
locate dc
locate ex0.pl
locate kaiten
locate r0nin
locate udp.pl
locate ...
lsof | grep .,
locate mybot

Tags:

servers
ssh

"Starting from scratch" is seductive but disease ridden
-Pithy Advice for Programmers

Looking Into DOS And DDOS Attacks

Popular Tags

Popular Snippets

Spotlight Features

Ubuntu is Coming to Smartphones: What Could You Use It For?

perf4j – Sample Snippets

Get Real Data from the Semantic Web

Apache Lucene and Solr 4.1 Released

Spotlight Resources

Practical DNS: Managing Domains for Safety, Reliability, and Speed

Camel Essential Components

Essential Couchbase APIs: Open Source NoSQL Data Access from Java, Ruby, and .NET