DDOS Attack

29 Sep

A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer resource unavailable to its intended users.

Commands to check for a DDoS:


Check the process ID of httpd with the following command:

pidof httpd

Then run this command:

netstat -anp | grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

The above command shows a list of IPs with their connection counts. Check which IP is causing it and then block it.

Then check which databases are being used the most with the following command:

mysqladmin pr


These are some important steps to fight against the DDOS.


Additionally, a more accurate way to stop a DDoS is as follows:


To minimize a DDoS attack, apply the following tweaks:

In your CSF configuration, check for the following:

# If you only want to count specific states (e.g. SYN_RECV) then add the states
# to the following as a comma separated list. E.g. "SYN_RECV,TIME_WAIT"
# Leave this option empty to count all states against CT_LIMIT
Remember to first check whether it is a FIN_WAIT or SYN flood on your server. This can be checked with the following commands:
netstat -nap | grep FIN_WAIT1
netstat -nap | grep FIN_WAIT1 | wc -l
netstat -nap | grep SYN_RECV
netstat -nap | grep SYN_RECV | wc -l
If the above tweak does not work, follow these steps.
First enable SYN cookies:
echo 1 > /proc/sys/net/ipv4/tcp_syncookies

Then try all of these iptables rules, since there may be other attacks too:
iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
iptables -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
iptables -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
iptables -A INPUT -p tcp --tcp-flags FIN,RST FIN,RST -j DROP
iptables -A INPUT -p tcp --tcp-flags ACK,FIN FIN -j DROP
iptables -A INPUT -p tcp --tcp-flags ACK,PSH PSH -j DROP
iptables -A INPUT -p tcp --tcp-flags ACK,URG URG -j DROP
service iptables save
service iptables restart


If the problem still persists, try the steps below:

A] Try limiting incoming requests:

iptables -I INPUT -p tcp -m state --state NEW --dport 80 -m recent --name http_flood --set

iptables -I INPUT -p tcp -m state --state NEW --dport 80 -m recent --name http_flood --update --seconds 10 --hitcount 3 -j DROP

iptables -A INPUT -p tcp --dport 80 -j ACCEPT


B] Filtering incoming TCP SYN requests:


iptables -N syn_flood

iptables -A INPUT -p tcp --syn -j syn_flood

iptables -A syn_flood -m limit --limit 1/s --limit-burst 3 -j RETURN

iptables -A syn_flood -j DROP


C] Limiting the incoming icmp ping request:


iptables -A INPUT -p icmp -m limit --limit 1/s --limit-burst 1 -j ACCEPT

iptables -A INPUT -p icmp -m limit --limit 1/s --limit-burst 1 -j LOG --log-prefix PING-DROP:

iptables -A INPUT -p icmp -j DROP

iptables -A OUTPUT -p icmp -j ACCEPT


Awesome link for installing DDOS stopper
Please refer    



Posted by on September 29, 2011 in Uncategorized

