05-24-2008, 09:41 PM
Temlakos

OT: (D)DoS attack mitigation

Anyone have a line on things that a root-accessed server admin can do to
stop a (D)DoS attack?


Temlakos

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
05-24-2008, 10:56 PM
"Patrick O'Callaghan"

OT: (D)DoS attack mitigation

On Sat, 2008-05-24 at 17:41 -0400, Temlakos wrote:
> Anyone have a line on things that a root-accessed server admin can do to
> stop a (D)DoS attack?

A DDOS attack on what? What services are you running that might be
attacked? Are all unnecessary ports closed?

poc

 
05-25-2008, 12:57 AM
Itamar - IspBrasil

OT: (D)DoS attack mitigation

The only way to stop a DDoS is one level up or at the source of the DDoS.


Temlakos wrote:
> Anyone have a line on things that a root-accessed server admin can do
> to stop a (D)DoS attack?
>
> Temlakos

 
05-25-2008, 02:51 AM
Temlakos

OT: (D)DoS attack mitigation

Patrick O'Callaghan wrote:
> On Sat, 2008-05-24 at 17:41 -0400, Temlakos wrote:
>> Anyone have a line on things that a root-accessed server admin can do to
>> stop a (D)DoS attack?
>
> A DDOS attack on what? What services are you running that might be
> attacked? Are all unnecessary ports closed?
>
> poc

The attack, if that's what it is, is against Web service (Apache) at
port 80. It's a Wiki site, on a server running CentOS 5. The site seems
to be running again, but a few hours ago I was getting connection
resets, timeouts, and "can't find server" messages. And at one point, my
Web host said that the apache system account was making too many requests.


It's a remote server to which I have root access--at least, whenever I
can sign in.


The Web host is supposed to have mod-dosevasive and a Brute Force
Detection package installed. Assuming that those packages are in fact
working, what other measures should I take?


I need to have port 80 open for ordinary Web service, plus one other
port open for signing in as a domain-management client or as a server
administrator. I also use ssh on occasion, but I normally forbid that,
and open it only when necessary to get in, run a few quick scripts, and
then get out.


The "top" command reveals two routines by apache; the rest run by root.

I just installed wireshark, but now I can't get wireshark to start:
"command not found." What directory is that supposed to install in?


Temlakos

 
05-25-2008, 04:52 AM
"Patrick O'Callaghan"

OT: (D)DoS attack mitigation

On Sat, 2008-05-24 at 22:51 -0400, Temlakos wrote:
> Patrick O'Callaghan wrote:
> > On Sat, 2008-05-24 at 17:41 -0400, Temlakos wrote:
> >
> >> Anyone have a line on things that a root-accessed server admin can do to
> >> stop a (D)DoS attack?
> >>
> >
> > A DDOS attack on what? What services are you running that might be
> > attacked? Are all unnecessary ports closed?
> >
> > poc
> >
> >
> The attack, if that's what it is, is against Web service (Apache) at
> port 80. It's a Wiki site, on a server running CentOS 5. The site seems
> to be running again, but a few hours ago I was getting connection
> resets, timeouts, and "can't find server" messages. And at one point, my
> Web host said that the apache system account was making too many requests.

Resets, timeouts and "not found" messages are usually indicative of
overloading at the network level. If the DDOS is simply swamping your
input, there's really nothing to be done within your system except wait
it out. Any countermeasures will have to be at the ISP level.

> I just installed wireshark, but now I can't get wireshark to start:
> "command not found." What directory is that supposed to install in?

'rpm -ql wireshark' will list all the files in the package. The
executables are usually at the top.

poc
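
One way to check from the server itself whether the load on port 80 is actually reaching Apache, given as an added example that is not part of the thread: the function below summarises `netstat -ant` output for one local port by TCP state and by remote address. The function name `summarize_conns` and the sample lines are constructed for illustration (addresses come from the documentation ranges).

```shell
#!/bin/sh
# Added example, not from the thread. summarize_conns is a hypothetical helper
# name. It reads `netstat -ant` output on stdin and reports, for one local
# port, the number of connections per TCP state and per remote address.
summarize_conns() {
    port="${1:-80}"
    awk -v port="$port" '
        $1 ~ /^tcp/ && NF >= 6 {
            # Local address is field 4 ("ip:port"); the port follows the last colon.
            n = split($4, l, ":")
            if (l[n] != port) next
            # Listening sockets are not client connections.
            if ($6 == "LISTEN") next
            # Remote address is field 5; strip the trailing ":port".
            remote = $5
            sub(/:[0-9]+$/, "", remote)
            state[$6]++
            src[remote]++
        }
        END {
            for (s in state) printf "state %s %d\n", s, state[s]
            for (r in src)   printf "source %s %d\n", r, src[r]
        }
    ' | sort -k1,1 -k3,3nr -k2,2   # group by kind, busiest first
}

# Constructed sample of `netstat -ant` output (not captured from a real host).
SAMPLE='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:80           198.51.100.7:40112      SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.7:40113      SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.7:40114      SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.5:51200       ESTABLISHED
tcp        0      0 192.0.2.10:22           203.0.113.9:51999       ESTABLISHED'

# Run against the sample; on a live server use: netstat -ant | summarize_conns 80
printf '%s\n' "$SAMPLE" | summarize_conns 80
```

If the counts look ordinary while the site is still timing out, the congestion is upstream of the server, which is the case described above where any countermeasure has to come from the ISP.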
