NetStat: Tilmaamaha lagu ogaanayo weerarada DDoS

Alejandro (a.k.a KZKG^Gaara)

Daqiiqado 3

Waxaan ka helay maqaal aad u xiiso badan linuxria ku saabsan sida loo ogaado haddii Server-kayga la weerarayo DDoS (Diidmada Adeegga), Ama maxaa isku mid ah, Weerarkii Adeegyada Diidmada.

NetStat si looga hortago weerarada DDoS

Weerarka noocan ahi waa wax iska caadi ah waxaana laga yaabaa inuu sabab u yahay in adeegeyaasheena ay xoogaa gaabis yihiin (in kasta oo ay sidoo kale noqon karto dhibaato Lakabka 8) weligoodna ma dhaawaceyso in laga digtoonaado. Si tan loo sameeyo, waxaad isticmaali kartaa qalabka netstat, taas oo noo oggolaaneysa inaan aragno isku xirnaanta shabakadda, miisaska dariiqa, tirakoobka isku xirnaanta iyo waxyaabo kale oo taxane ah.

Tusaalooyinka NetStat

netstat -na

Shaashadani waxay ku jiri doontaa dhammaan isku xirnaanta internetka ee firfircoon ee server-ka iyo kaliya xiriirinta la aasaasay.

netstat -an | dufan: 80 | kala sooc

Kaliya muuji iskuxirka internetka firfircoon serverka dekeda 80, oo ah dekedda http, kalana natiijooyinka. Faa'iido u leh in la ogaado hal daad (daad) sidaas darteed waxay u oggolaaneysaa aqoonsashada xiriiro badan oo ka socda cinwaanka IP-ga.

netstat -n -p | grep SYN_REC | wc -l

Amarkani waa mid waxtar leh in la ogaado inta firfircoon ee SYNC_RECs ee ka dhacaya serverka. Tirada waa inay ahaataa mid aad u hooseysa, iyadoo la doorbidayo inay ka yar tahay 5. Dhacdooyinka diidmada weerarada adeegga ama bambooyinka boostada, tiradu aad ayey u badnaan kartaa. Si kastaba ha noqotee, qiimuhu had iyo jeer waa nidaam ku tiirsan, sidaas darteed qiime sare wuxuu caadi ku noqon karaa server kale.

netstat -n -p | salaax SYN_REC | kala sooc -u

Samee liistada dhammaan cinwaanada IP ee kuwa ku lugta leh.

netstat -n -p | salaax SYN_REC | awk '{daabac $ 5}' | awk -F: '{daabac $ 1}'

Liis garee dhammaan cinwaanada IP-ga ee noodhka soo diraya xaaladda isku xidhka SYN_REC.

netstat -ntu | awk '{daabac $ 5}' | jar -d: -f1 | kala saar | uniq -c | kala sooc -n

Isticmaal amarka netstat si aad u xisaabiso una tiriso tirada isku xirnaanta cinwaan kasta oo IP ah oo aad ku sameyso serverka.

netstat -anp | grep 'tcp | udp' | awk '{daabac $ 5}' | jar -d: -f1 | kala saar | uniq -c | kala sooc -n

Tirada cinwaanada IP ee ku xira server-ka adoo adeegsanaya maamuuska TCP ama UDP.

netstat -ntu | grep ESTAB | awk '{daabac $ 5}' | jar -d: -f1 | kala saar | uniq -c | kala sooc -nr

Hubi iskuxirayaasha calaamadeeyay AAD DHISAY halkii aad ka xidhiidhi lahayd oo dhan, oo muuji iskuxirayaasha IP kasta.

netstat -plan | grep: 80 | awk {'print $ 5'} | cut -d: -f 1 | sort | uniq -c | sort -nk 1

Bandhigyada iyo liiska cinwaanada IP-ga iyo lambarkooda xiriir ee ku xirmaya dekedda 80 ee serverka. Port 80 waxaa u isticmaala HTTP codsiyada Webka.

Sida loo yareeyo weerarka DOS

Markaad hesho IP-ka uu adeeguhu weerarayo waxaad u adeegsan kartaa amarradan soo socda si aad u joojiso ku xirnaantooda server-kaaga:

iptables -GALIGII 1 -s $ IPADRESS -j QAADO / DIIDO

Ogsoonow inaad ku bedesho $ IPADRESS cinwaanada IP ee laga helay netstat.

Ka dib markaad toogato amarka kor ku xusan, DIL dhammaan xiriirada httpd si aad u nadiifiso nidaamkaaga oo aad dib ugu bilowdo mar dambe adoo adeegsanaya amarrada soo socda:

killall -DIL httpd
adeegga httpd bilaw # Nidaamyada loo yaqaan 'Red Hat systems / etc / init / d / apache2 dib u bilow # Nidaamyada Debian

source: linuxria


Ka tag faalladaada

cinwaanka email aan la daabacin doonaa. Beeraha loo baahan yahay waxaa lagu calaamadeeyay la *

*

*

  1. Masuul ka ah xogta: Miguel Ángel Gatón
  2. Ujeedada xogta: Xakamaynta SPAM, maaraynta faallooyinka.
  3. Sharci: Oggolaanshahaaga
  4. Isgaarsiinta xogta: Xogta looma gudbin doono dhinacyada saddexaad marka laga reebo waajibaadka sharciga ah.
  5. Kaydinta xogta: Macluumaadka ay martigelisay Shabakadaha Occentus (EU)
  6. Xuquuqda: Waqti kasta oo aad xadidi karto, soo ceshan karto oo tirtiri karto macluumaadkaaga.

  1.   James_Che dijo
    samee 10 sano

    Mozilla waxaa lagu qasbay inay ku darto DRM fiidiyowyada Firefox
    http://alt1040.com/2014/05/mozilla-drm-firefox
    Waan ogahay inaysan wax xiriir ah la lahayn boostada. Laakiin waxaan jeclaan lahaa inaan ogaado waxa aad ka aaminsan tahay arrintan. Waxa ugu fiican ayaa ah inuu naafo noqon karo.

    Jawaab James_Che
    1.    faahfaahsan dijo
      samee 10 sano

      Ninyahow, waayo doodaha waa Madal.

      Jawaab in elav
      1.    msx dijo
        samee 10 sano

        Adigu nin iproute2 ah, iskuday 'ss' ...

        Ku jawaab msx
    2.    nano dijo
      samee 10 sano

      Waan ku raacsanahay Elav, golahu waa wax ... Ma tirtirayo faallooyinka laakiin, fadlan, ka faa'iideyso meelaha loo diyaariyey shay kasta.

      Ku jawaab nano
  2.   Khadad jaantus ah dijo
    samee 10 sano

    Halkii aad xoqin lahayd, egrep
    netstat -anp | grep 'tcp | udp' | awk '{daabac $ 5}' | jar -d: -f1 | kala saar | uniq -c | kala sooc -n

    by

    netstat -anp | egrep 'tcp | udp' | awk '{daabac $ 5}' | jar -d: -f1 | kala saar | uniq -c | kala sooc -n

    Jawaab LineaGrafica
  3.   JuanSRC dijo
    samee 10 sano

    Tani waxay noqon doontaa mashruuc aan dejinayo halkaas oo ay ka jiraan fursado badan oo ah bartilmaameedyada DDoS

    Jawaab JuanSRC
  4.   Raiola ayaa xukuma mana aha panda dijo
    samee 7 sano

    Aad baad ugu mahadsan tihiin macluumaadka, beryahan dambe tartanku waa ku culus yahay mowduuca.

    Ujawaabida Raiola waa madax mana ahan baandaha