====== Distributed Denial of Service Attacks ======

See also **[[networking:firewall:csf|ConfigServer Security & Firewall (CSF)]]**

http://www.opensourceforu.com/2011/04/securing-apache-part-8-dos-ddos-attacks/

Good Info on SYN Flood Issue: http://security.stackexchange.com/questions/15368/syn-flooding-issue

http://365hostingsupport.com/blog/dos-how-to-check-it/

http://linuxstuffs.wordpress.com/2009/10/25/drop-syncddos-attack/

http://365hostingsupport.com/blog/dos-how-to-check-it/

===== Are You Under Attack? =====

:!: You may want to change the port ''80'' to some other port.

<file>
netstat -alpn | grep :80 | awk '{print $4}' |awk -F: '{print $(NF-1)}' |sort | uniq -c | sort -n
</file>

Which IP address of your server is targeted by the DDoS attack:

<file>
netstat -plan  | grep  :80 | awk '{print $4}' | cut -d: -f1 |sort |uniq -c
</file>

From which IPs the attack is coming:

<file>
netstat -plan  | grep  :80 | awk '{print $5}' | cut -d: -f1 |sort |uniq -c
</file>

===== CSF Firewall =====

https://www.supportsages.com/configure-csf-prevent-ddos-attacks/

===== Apache Logs Viewer =====

  * Windows Application
  * Analyzes Apache or IIS Logs

http://www.apacheviewer.com/index.php

===== DDoS Deflate =====

http://deflate.medialayer.com/