I found a very interesting article on Linuxaria about how to detect whether our server is under a DDoS (Distributed Denial of Service) attack.
This type of attack is quite common and may be the reason our servers are running slowly (although it can also be a Layer 8 problem), and it never hurts to be forewarned. To check, you can use the netstat tool, which shows network connections, routing tables, interface statistics and a number of other things.
NetStat examples
netstat -na
This displays all active Internet connections to the server; only established connections are included.
netstat -an | grep :80 | sort
Shows only the active Internet connections to the server on port 80, which is the HTTP port, and sorts the results. It is useful for detecting a single flood, because it lets you see many connections coming from one IP address.
netstat -n -p | grep SYN_REC | wc -l
This command is useful for finding out how many active SYN_REC connections there are on the server. The number should be quite low, preferably less than 5. During a denial-of-service attack or mail bombing, the number can get quite high. However, the value always depends on the system, so a high value may be normal on another server.
netstat -n -p | grep SYN_REC | sort -u
Lists all the IP addresses involved.
netstat -n -p | grep SYN_REC | awk '{print $5}' | awk -F: '{print $1}' | sort -u
Lists all the unique IP addresses that are sending the SYN_REC connection status.
netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
Uses the netstat command to calculate and count the number of connections each IP address makes to the server.
netstat -anp | grep -E 'tcp|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
Number of IP addresses connecting to the server using the TCP or UDP protocol.
netstat -ntu | grep ESTAB | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -nr
Checks the connections marked ESTABLISHED instead of all connections, and shows the connections for each IP.
netstat -plan | grep :80 | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -nk 1
Shows a list of the IP addresses connecting to port 80 on the server, with the number of connections from each. Port 80 is used mainly by HTTP for Web requests.
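The per-IP counts above, as an added example that is not from the original article or from Linuxaria: it tallies connections per remote address from netstat output while skipping the header lines and keeping IPv6 addresses whole, which `cut -d: -f1` does not. The function names, the threshold of 2 and the sample data are constructed for illustration.

```shell
# Constructed sample in Linux `netstat -ntu` layout (documentation-range addresses).
sample_netstat() {
cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:80           198.51.100.7:51514      SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.7:51515      SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.7:51516      SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.5:40022       ESTABLISHED
tcp        0      0 192.0.2.10:22           203.0.113.5:40100       ESTABLISHED
tcp6       0      0 2001:db8::10:80         2001:db8::bad:33000     SYN_RECV
tcp6       0      0 ::ffff:192.0.2.10:80    ::ffff:198.51.100.7:6000 ESTABLISHED
udp        0      0 192.0.2.10:53           203.0.113.9:5353
EOF
}

# conn_per_ip STATE PORT: read netstat output on stdin, print "count ip", highest first.
# An empty STATE or PORT means "any". Linux netstat prints the half-open state as
# SYN_RECV; the article's `grep SYN_REC` matches it as a substring.
conn_per_ip() {
  awk -v state="$1" -v port="$2" '
    $1 !~ /^(tcp|udp)/ { next }              # skip the two header lines
    state != "" && $6 != state { next }      # UDP rows have no state column
    {
      lport = $4; sub(/.*:/, "", lport)      # local port = text after the last colon
      if (port != "" && lport != port) next
      ip = $5; sub(/:[^:]*$/, "", ip)        # drop only the port, keep IPv6 intact
      sub(/^::ffff:/, "", ip)                # fold IPv4-mapped IPv6 into plain IPv4
      n[ip]++
    }
    END { for (ip in n) print n[ip], ip }
  ' | sort -k1,1nr -k2,2
}

# over_threshold STATE LIMIT: print the IPs holding more than LIMIT connections in STATE.
over_threshold() {
  conn_per_ip "$1" "" | awk -v limit="$2" '$1 > limit { print $2 }'
}

# On a live server, pipe `netstat -ntu` in instead of the sample.
sample_netstat | conn_per_ip "" 80
sample_netstat | over_threshold SYN_RECV 2
```

The right threshold depends on the server's normal traffic, as the article notes for the SYN_REC count.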
How to mitigate a DoS attack
Once you have found the IP that is attacking the server, you can use the following command to block its connections to your server:
iptables -I INPUT 1 -s "$IPADRESS" -j DROP   # or -j REJECT
Note that you must replace $IPADRESS with the IP addresses found with netstat.
After running the command above, KILL all httpd connections to clean up your system and then restart it using the following commands:
killall -KILL httpd
service httpd start # For Red Hat systems
/etc/init.d/apache2 restart # For Debian systems
Source: Linuxaria
7 comments
Mozilla is forced to add DRM to videos in Firefox
http://alt1040.com/2014/05/mozilla-drm-firefox
I know it has nothing at all to do with the post. But I would like to know what you think about this. The good thing is that it can be disabled.
Man, for debates there is the forum.
You, who are an iproute2 man, try 'ss' ...
I agree with Elav, the forum is there for a reason ... I won't delete the comment but, please, use the spaces provided for each thing.
Instead of grep, egrep
netstat -anp | grep 'tcp|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
with
netstat -anp | egrep 'tcp|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
This will be for a project I am going to set up where there is a good chance of being a DDoS target.
Thank you very much for the information, lately the competition has been tough on this subject.