SSANZ
Depending on the type of traffic and the type of attack, you may need to reconfigure a number of system variables so the system can handle the extra load while it works out which connections are "fake".
There are a number of tools -
Check to see if it is an attack -
netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
Apache -
Mod_evasive
httpd.conf - reconfiguration (timeout, keepalive, server spawn)
Connection Monitoring -
netstat -
- Run these commands to seek all connections on port 80, with type SYN.
netstat -n | grep :80 |wc -l
Install bwm-ng (bandwidth monitor)
sysctl.conf - hardening/reconfiguration. Helps the box handle extra load as connections are being processed.
Enable syncookies as well via echo 1 > /proc/sys/net/ipv4/tcp_syncookies
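
The netstat checks above, as an added example that is not part of the original post: shell functions that count half-open (SYN_RECV) connections per remote address for one local port, reading `netstat -ant` style output on stdin and handling IPv6 addresses as well. The function names, the threshold argument and the sample lines (documentation address ranges) are constructed for illustration.

```shell
#!/bin/sh
# Added example: count half-open (SYN_RECV) connections per remote address.
# Input on stdin: `netstat -ant` style lines (Proto Recv-Q Send-Q Local Foreign State).

# syn_recv_by_ip PORT -> prints "COUNT ADDRESS", highest count first
syn_recv_by_ip() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 == "SYN_RECV" {
            lp = $4; ra = $5
            sub(/^.*:/, "", lp)        # local port = text after the last colon
            if (lp != port) next
            sub(/:[0-9]+$/, "", ra)    # drop the remote port, keep IPv4 or IPv6 address
            count[ra]++
        }
        END { for (ip in count) print count[ip], ip }
    ' | sort -rn
}

# flag_sources PORT THRESHOLD -> addresses with at least THRESHOLD half-open connections
flag_sources() {
    syn_recv_by_ip "$1" | awk -v t="$2" '$1 >= t { print $2 }'
}

# Constructed sample output (documentation address ranges, not real traffic)
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address     Foreign Address       State
tcp        0      0 192.0.2.10:80     198.51.100.7:40112    SYN_RECV
tcp        0      0 192.0.2.10:80     198.51.100.7:40113    SYN_RECV
tcp        0      0 192.0.2.10:80     198.51.100.7:40114    SYN_RECV
tcp        0      0 192.0.2.10:80     203.0.113.5:51000     SYN_RECV
tcp        0      0 192.0.2.10:80     203.0.113.9:51001     ESTABLISHED
tcp        0      0 192.0.2.10:22     198.51.100.7:40200    SYN_RECV
tcp6       0      0 2001:db8::10:80   2001:db8::beef:51234  SYN_RECV
tcp6       0      0 2001:db8::10:80   2001:db8::beef:51235  SYN_RECV
EOF
}

sample_netstat | syn_recv_by_ip 80
```

On a live host, pipe `netstat -ant` into `syn_recv_by_ip 80` in place of the sample; a large SYN_RECV count overall is the case syncookies are meant to absorb.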