Table of Contents

Distributed Denial of Service Attacks

See also ConfigServer Security & Firewall (CSF)

http://www.opensourceforu.com/2011/04/securing-apache-part-8-dos-ddos-attacks/

Good Info on SYN Flood Issue: http://security.stackexchange.com/questions/15368/syn-flooding-issue

http://365hostingsupport.com/blog/dos-how-to-check-it/

http://linuxstuffs.wordpress.com/2009/10/25/drop-syncddos-attack/

http://365hostingsupport.com/blog/dos-how-to-check-it/

Are You Under Attack?

:!: You may want to change the port 80 to some other port.

netstat -alpn | grep :80 | awk '{print $4}' |awk -F: '{print $(NF-1)}' |sort | uniq -c | sort -n

Which IP address of your server is targeted by the DDoS attack:

netstat -plan  | grep  :80 | awk '{print $4}' | cut -d: -f1 |sort |uniq -c

From which IPs the attack is coming:

netstat -plan  | grep  :80 | awk '{print $5}' | cut -d: -f1 |sort |uniq -c

CSF Firewall

https://www.supportsages.com/configure-csf-prevent-ddos-attacks/

Apache Logs Viewer

http://www.apacheviewer.com/index.php

DDoS Deflate

http://deflate.medialayer.com/