OT: (D)DoS attack mitigation

Patrick O'Callaghan pocallaghan at gmail.com
Sun May 25 04:52:30 UTC 2008


On Sat, 2008-05-24 at 22:51 -0400, Temlakos wrote:
> Patrick O'Callaghan wrote:
> > On Sat, 2008-05-24 at 17:41 -0400, Temlakos wrote:
> >   
> >> Anyone have a line on things that a root-accessed server admin can do to 
> >> stop a (D)DoS attack?
> >>     
> >
> > A DDOS attack on what? What services are you running that might be
> > attacked? Are all unnecessary ports closed?
> >
> > poc
> >
> >   
> The attack, if that's what it is, is against Web service (Apache) at 
> port 80. It's a Wiki site, on a server running CentOS 5. The site seems 
> to be running again, but a few hours ago I was getting connection 
> resets, timeouts, and "can't find server" messages. And at one point, my 
> Web host said that the apache system account was making too many requests.

Resets, timeouts and "not found" messages are usually indicative of
overloading at the network level. If the DDOS is simply swamping your
input, there's really nothing to be done within your system except wait
it out. Any countermeasures will have to be at the ISP level.

> I just installed wireshark, but now I can't get wireshark to start: 
> "command not found." What directory is that supposed to install in?

'rpm -ql wireshark' will list all the files in the package. The
executables are usually at the top.

poc
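
An added example, not part of the original message: a shell sketch of the `rpm -ql` check suggested above. It filters a package file list down to files in bin/sbin directories and reports which of them live in a directory missing from a given PATH string, which is one way an installed program ends up as "command not found". The function names and the sample file list are constructed for illustration.

```shell
# Added example (not from the original thread); names and sample data are constructed.

# pkg_executables: read a package file list (the output of `rpm -ql PKG`) on stdin
# and print only the paths that sit directly in a bin/ or sbin/ directory.
pkg_executables() {
    grep -E '^(/usr(/local)?)?/s?bin/[^/]+$'
}

# dir_in_path DIR PATHSTRING: succeed if DIR is one of the colon-separated entries.
dir_in_path() {
    case ":$2:" in
        *":$1:"*) return 0 ;;
        *)        return 1 ;;
    esac
}

# not_on_path PATHSTRING: read executable paths on stdin and print those whose
# directory is not listed in PATHSTRING (the shell cannot find these by bare name).
not_on_path() {
    while IFS= read -r exe; do
        dir_in_path "${exe%/*}" "$1" || printf '%s\n' "$exe"
    done
}

# Constructed sample of what a package file list can look like.
SAMPLE_FILES='/usr/sbin/tshark
/usr/bin/capinfos
/usr/share/man/man1/tshark.1.gz
/usr/share/doc/sample/README'

# On a live system the same pipeline would be:
#   rpm -ql wireshark | pkg_executables | not_on_path "$PATH"
```

Anything `not_on_path` prints has to be run by its full path or from an account whose PATH includes that directory. If the program name does not appear in the file list at all, it is not part of that package.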



