How to Mitigate a DDoS Attack in Linux
Botnet viruses silently embed themselves on your computer. They're connected to a main botnet execution application that pulls small amounts of computing power, as well as personal information, from the infected machine. If you're running Linux, it's important to know how to prevent your system from a botnet infection and DDoS attacks. If successful, the DDoS attack can stop your Linux machine from operating.
Other People Are Reading
Instructions
-
-
1
Launch the your terminal command line utility program and log in to the Linux machine using the administrative credentials.
-
2
Determine how many HTTP processes are being made on the machine. An unusually high number indicates that your machine is under a DDoS attack. Enter the following command into the terminal:
[root@blessen root# ps -aux|grep -i HTTP|wc -1
23
-
-
3
Find where the attacks are coming from by executing the following command:
bash# netstate -lpn|grep :80|awk '{print $5}'|sort
Consider yourself under attack if you have more than 30 connections from a single IP after the list generated by this command is presented.
-
4
Mitigate and stop the attacking network by executing the following command:
iptables -A INPUT -s <Attacking Network IP> -j DROP
Ensure that you replace "Attacking Network IP" with the actual IP of the offending networks.
-
5
Enable Syscti-based server protection to mitigate from future attacks. This is an option that's built into the Linux operating system. Execute the following commands:
#Enable IP spoofing protection, turn on Source Address Verification
net.ipv4.conf.all.rp_filter = 1
#Enable TCP SYN Cookie Protection
net.ipv4.tcp_syncookies = 1
-
1
