conxion
07-07-2006, 21:55
anh em nào có server thì thử xem sao, rồi post kết quả lên đây để mọi người tham khảo với nha, tớ mới tìm ra, chưa kịp xem nó là cái gì nữa:
It all started when MediaLayer was in need of a script to automatically mitigate (D)DoS attacks. The necessity started when MediaLayer was the target of a rather large, consistent attack. The attack was originating from multiple IP addresses, however a pattern was found. Each IP would have a large amount of connections to the server, as shown as by:
netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
It became a general practice for us to be blocking IPs with a large amount of connections, but we wondered if we could get this automated. Zaf went right to work in making a script to mitigate this kind of attack. We kept on improving to meet our own needs and eventually posted it on Defender Hosting's Forum. (D)DoS-Deflate is now recognized as one of the best ways to block a DDoS attack at the software level.
Link: http://projects.medialayer.com/ddos.html
It all started when MediaLayer was in need of a script to automatically mitigate (D)DoS attacks. The necessity started when MediaLayer was the target of a rather large, consistent attack. The attack was originating from multiple IP addresses, however a pattern was found. Each IP would have a large amount of connections to the server, as shown as by:
netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
It became a general practice for us to be blocking IPs with a large amount of connections, but we wondered if we could get this automated. Zaf went right to work in making a script to mitigate this kind of attack. We kept on improving to meet our own needs and eventually posted it on Defender Hosting's Forum. (D)DoS-Deflate is now recognized as one of the best ways to block a DDoS attack at the software level.
Link: http://projects.medialayer.com/ddos.html