HOW TO PROTECT YOUR SERVER FROM A DDOS ATTACK MANUALLY

In this part I'll show you a manual way to protect your Linux server from a DDoS attack. When your server is going down due to a DDoS attack, the first thing you need to know is the attacker's IP address. I have a couple of commands for this:

First one:

——————-

netstat -n | grep :80 | awk '{print $5}' | cut -f1 -d: | sort | uniq -c

——————-

Second one:

——————-

netstat -anp | grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

——————-

Third one:

——————-

netstat -anp | grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n | tail


These commands show you the attacker's IP address, so you know who is attacking your server. Each of them gives you a list of IP addresses, and beside each IP address you will see the number of packets that were sent to the server. If the packets are fewer than 50, it is a normal connection to your server; if there are more than 100, it means that you are having a DDoS attack and you must stop it.

Now let's stop these kinds of attacks:

First command:

——————-

iptables -A INPUT -s 0.0.0.0 -j DROP

——————-

Second command:

——————-

iptables -I INPUT 1 -p tcp -s 0.0.0.0 --dport 80 -j DROP

——————-

NOTICE: Change 0.0.0.0 to the attacker IP address that you want to stop.

HOW TO DETECT A DDOS ATTACK?
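
The two steps above combined into one script, as an added example that is not part of the original post: it tallies netstat entries per remote address, applies the 50 and 100 thresholds from the text, and prints (without running) a DROP rule for each flagged address. The function names, the "review" label for counts between the two thresholds, the use of ip6tables for IPv6 sources and the sample addresses are assumptions; unlike `cut -d: -f1`, it strips only the trailing port, so IPv6 addresses are not truncated.

```shell
#!/bin/sh
# Added example. Sample data is constructed (documentation address ranges).
LOW=50; HIGH=100   # thresholds from the text above

# Emits constructed lines in `netstat -ant` column layout.
sample_netstat() {
    awk 'BEGIN {
        v4 = "tcp 0 0 192.0.2.10:80 %s:%d ESTABLISHED\n"
        v6 = "tcp6 0 0 2001:db8::10:80 %s:%d ESTABLISHED\n"
        for (i = 0; i < 120; i++) printf v4, "203.0.113.7", 40000 + i
        for (i = 0; i < 60; i++)  printf v4, "198.51.100.23", 50000 + i
        for (i = 0; i < 3; i++)   printf v4, "198.51.100.9", 51000 + i
        for (i = 0; i < 101; i++) printf v6, "2001:db8::bad", 42000 + i
        print "tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN"
    }'
}

# stdin: netstat lines. stdout: "count address verdict", highest count first.
tally() {
    awk -v low="$LOW" -v high="$HIGH" '
        $1 ~ /^(tcp|udp)/ && $5 !~ /:\*$/ {
            addr = $5
            sub(/:[^:]*$/, "", addr)   # strip only the trailing :port
            n[addr]++
        }
        END {
            for (a in n) {
                v = "review"           # 50 to 100: not classified by the text (assumption)
                if (n[a] < low)  v = "normal"
                if (n[a] > high) v = "attack"
                print n[a], a, v
            }
        }' | sort -k1,1nr -k2,2
}

# Prints, without running them, one DROP rule per address flagged "attack".
block_rules() {
    tally | awk '$3 == "attack" {
        cmd = ($2 ~ /:/) ? "ip6tables" : "iptables"   # IPv6 needs ip6tables
        print cmd " -I INPUT 1 -s " $2 " -j DROP"
    }'
}

sample_netstat | tally
```

On a live server, pipe `netstat -ant` into `tally` or `block_rules` instead of the sample, and read the printed rules before applying any of them.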

Monitor internal network traffic and the usage of server resources, such as the Domain Name Server (DNS) and web server, to detect early traffic spikes and abnormal utilisation of system resources.

Work with Internet Service Providers (ISPs) or security service providers to monitor your Internet traffic at their operation centre.

Log security events and review alerts generated by security systems, such as an Intrusion Detection System (IDS) or Intrusion Prevention System (IPS), anti-malware solution, Internet gateway and firewall, to detect suspicious activities.


