Ubuntu Networking :: Generate Syn Flood Attack In Pc?
Aug 3, 2011I want to test syn flood attack in my pc
but i dnt know how to generate it, can you tell me
how to generate syn flood attack in pc
ADVERTISEMENT
Networking :: System / Script To Detect Outgoing DOS Flood?
Oct 16, 2010I run a Centos server that quite a few people have access to. I trust every user on the system, but i've had problems before like one user's account gets hacked and someone starts using my box to DDOS. Each user has their own ip.. And I would like to write a script or use an existing solution (if one exists) to monitor number of tcp/udp connections each minute and see if it's unusually high. I don't want it to stop the flooding or anything, I just want to be notified by email or something.
View 1 Replies View RelatedNetworking :: Suitable Limit Rates For SYN, LOG & Ping Flood Prevention?
Jun 26, 2011one thing I'm not quite certain about is suitable limit rates for SYN, LOG & ping flood prevention. I suppose it depends a bit on traffic, as well as bandwidth. However, I don't want to limit the former. FWIW, I expect about as much traffic as a country road in the middle of nowhere, and my bandwidth for requests is 15 Mbps (Don't laugh. Content delivery is a pathetic 2 Mbps. That's a residential cable connection for ya...)Of all the tutorials/examples, I chose to go with Rusty Russel's limits, though they're dated 2002. Thus an excerpt of my firewall "script":
Code:
#!/bin/sh
# Saved in /etc/init.d, runlevels 2 3 4 5
[code]...
Networking :: Analyze Network Traffic For Attacks And While Finding The Attack?
Apr 9, 2010I need to learn how to analyze network traffic for attacks and while finding the attack seems easy in my case I need to identify what hes doing. I will be happy right now if you guys can answer my question. How to identify if an attack has brought the server down? I have packet captures of an attack in progress and I noticed that every now and then the attacker would do something weird and the server would start sending packets with just the RST packet sent in response. Normally I had been seeing the RST ACK flags set or the FIN ACK bits set to terminate a connection. So once again my question is how do I tell if the traffic indicates a server crash?
View 1 Replies View RelatedUbuntu :: How To Avoid Flood When Using Gparted
May 15, 2010specs: toshiba lappy
110gb hdd, 1gb ram, core 2 duo 1.6ghz, nvidia 7600
windows xp pro service pack 3
jaunty jackalope
my problem is: i wanted to repartition (shrink xp and create partition for data storage) my hdd using gparted live cd 0.5.2-9. everything went fine until i clicked exit and reboot. after the cd tray automatically ejected i got a flood of "VFS: busy inodes on changed media or resized disk srO". this doesnt stop until i press enter. after that it reboots normally and there is no problem with the os.
my questions: 1) is that flood anything bad, is there a way to avoid this. i read somewhere that the problem is solved when using the terminal sudo eject - then push back the cd tray - then sudo eject -t. i tried that but it said failed because gparted cd is in use.
2) the first time that happened i didnt know what to do, so it flooded like for 15min or more until i pressed enter. my question is if the flood is being saved anywhere on the pc so that i have to delete it?
and a question regarding extended partition: 3) i have 50gb left that i want to use for data storage. i read that you can only have one extended partition. so since there is already one extended partition from ubuntu, i cant have another one for windows? so i can only make the data partition as primary or is there another reason why the "create extended partition" is greyed out?
last question: 4) when i set up the partition for swap i made it 1032gb big but in gparted it shows 980.53mb. is that still enough or why is it like that because somehow the sizes of the partitions seem a bit different than how they originally should be. im actually used in seeing the size shrinking a bit but i found it weird that the ubuntu partition shows 4.76 when it should be 4.5gb. i know its not much different but im just curious to know why..
partitions order: windows - unallocated (-->data partition) - ubuntu (primary) - home folder (extended) - swap
in windows the partitions are shown as: windows xp (31,74gb) - unallocated (50,05gb) - 4,76gb unkown - 24,27gb unkown - 981mb uknown
in gparted: its almost the same, only difference: there is unallocated space (7 or 8mb) between home folder and swap
Ubuntu :: Hyper Transport Sync Flood Error?
Oct 11, 2010Trying to install 10.10 netbook edition on my MSI U230 netbook from a USB drive. Keep getting the error "hyper transport sync flood error occurred on last boot" Press F1 to Resume. F1 causes just a reboot and the same thing happens. Anyone seen this error? It happens with both the netbook and desktop version.
View 9 Replies View RelatedDebian :: Iptables Log UDP Flood Under 64 Packages?
Jan 22, 2011how to do iptables log to file UDP Flood under 64 packages?
View 14 Replies View RelatedServer :: Iptables Configuration For UDP Flood?
Feb 21, 2011Banning the IP is the best way to protect your server but of course, attacker can use another IP and use a lot of your bandwidth until you find and ban the IP. So the only thing we can do to prevent this is, block the packets my iptables length module.
I check the bandwidth usage through "iftop". Incoming traffic is always like 120kb/second and that has to be that way because the traffic enters my server no doubt that it gets dropped by iptables later.
The actual thing what the Ddos ( UDP Flood ) does it that it causes an outbound traffic that eats up like 5mb/second easily and my servers lag. Only if the IP is banned, the outbound traffic comes to an end.
Now I want to use the length module to block it but it just won't work. I've tried the following and shuffled them too but no help.
Code:
iptables -I INPUT -p udp -m length --length 15 -j DROP
iptables -A INPUT -p udp -m length --length 15 -j DROP
Packet length is 15 according to tcpdump:
Code:
19:49:34.504864 IP fms-02.colt.net.belgamanagement.be.56413 > nyc.v1servers.com.20100: UDP, length 15
Ubuntu Networking :: Aireplay-ng - How To Generate ARP
May 20, 2011How to generate ARP since i started aireplay-ng in ARP request replay mode by using the command :
And i got no arp`s. Screen looks like this :
Ubuntu Networking :: Ettercap / Certificate - Turn Off SSL Attack In Ettercap When Not Interested In SSL Information?
Mar 4, 2010I have been playing with Ettercap on my home network, learning about packet forwarding and all such things. Recently, after doing some certificate stuff, Ettercap is performing the SSL attack where it sucks out the password of a user after it issues a fake certificate. How do I turn off the SSL attack in ettercap when I'm not interested in SSL information?
View 1 Replies View RelatedSecurity :: IRC Flood/DDoS Cause A Computer To Freeze?
Nov 10, 2010my computer froze solid, and it would not react to anything. X didn't react to Ctrl+Alt+Backspace, not Ctrl+Alt+Del, so I had to turn it off using the power button.
This is the first time my computer freezes like this, the log files did not reveal any HW errors. Is it possible that someone in the channel did not like my level of Java skill, and flooded me to disconnect?
By the way; Im using slackware 13.1 with the default kernel (2.6.33.4) and irssi as IRC client.
I know that if you eg. ICMP-flood someone, the traffic will be denied and, but can it provoke other behavior from the computer?
So my question is; can a IRC flood/DDoS attack cause a computer to freeze sub zero?
Ubuntu Networking :: How To Generate Default Samba Configuration Files
Sep 1, 2011I had some troubles on samba, so I re-installed it.After I uninstalled samba, I noticed old /etc/samba folder/ files were left, so I deleted all of them. Then I installed samba, however, no /etc/samba files were installed.How can I generate default samba configuration files??
View 4 Replies View RelatedNetworking :: Getting Error When I Try To Generate A Scenario / Sort It?
Nov 27, 2010I installed bonnmotion 1.4 but when I try to generate a scenario, i get the error msg
bm: command not found.
if I replace bm by ~/Bureau/bonnmotion-1.4/bin/bm , I get This error msg :
Exception in thread "main" java.lang.NoClassDefFoundError: edu/bonn/cs/iv/bonnmotion/run/BM
Caused by: java.lang.ClassNotFoundException: edu.bonn.cs.iv.bonnmotion.run.BM
at java.net.URLClassLoader$1.run(URLClassLoader.java:217)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:205)
at java.lang.ClassLoader.loadClass(ClassLoader.java:321)
at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:294)
at java.lang.ClassLoader.loadClass(ClassLoader.java:266)
Plsss any idea on how to resolve this?
Networking :: How An Agent Itself Generate Trap On Some Particular Situation Arises
Oct 15, 2010how an agent itself generate trap on some particular situation arises
View 1 Replies View RelatedNetworking :: See Whether Wget Can Be Used To Generate Actual Url Hits On A Webpage?
Jan 16, 2011I am trying to see whether wget can be used to generate actual url hits on a webpage. This does not look good so far�. I changed the following lines in /etc/wgetrc to:
Code: http_proxy=http : / /<proxy_ip>:<port>/ use_proxy on Output :
Code: root# wget -c <url>/ > /dev/null
--2011-01-16 12:26:38-- <url>
Connecting to <proxy_ip>:<port>... connected.
[code]....
2011-01-16 12:26:39 (88,9 KB/s) - `index.html.3' saved [50548] This does NOT generate a hit on the actual web page! It does not seem like the, > /dev/null part is working either... How can I get this to work?
Networking :: Generate Snmp Trap To Check High CPU Usage?
Mar 16, 2011I want to generate snmp trap when cpu usage is high..me how to configure snmpd.conf....to generate this trap...
View 2 Replies View RelatedNetworking :: Generate IPv6 Extension Headers Such As (Hop-by-hop, Destinations Options)?
Feb 28, 2010Is there any possible way to generate IPv6 extension headers such as Hop-by-hop, destinations options, etc with linux boxes.
If possible, can any one of you give me the set up details.
Software :: Prevent DNS DoS Attack?
May 30, 2010I have configured a DNS server on my RHEL 5.0 machine.
I have just come across a term Denial-of-Service attack (DoS attack) or Distributed Denial-of-service attack (DDoS attack).
how can I prevent my DNS server from DoS attacks.
Ubuntu Security :: HD Attack Into APT Manager And Folder Permissions
May 24, 2010I may not be a code worrior, yet I have been a Ubuntu convert from Apple for about 3yrs now. Since 1984-2006 now hackers or viruses. And Until now Ubuntu has been clean, well I have been good with repos, etc.
1. Recently I found "Odd" behavior with my Amarok 1.4 player, ffmpeg, winff.
2. During a Synaptic upgrade there were some "unauthorized changes". I have seen this before due to some of my software, so I ignored it. . .
To my bewilderment, "It" erased Amarok 1.4 player, ffmpeg, winff, all image kernels, claimed domain over my system permissions, and external HD. B4 I shutdown, downloaded LUCID 10.4. . . restarted, then copied over all info possible to minimize a complete delete of my system. Upon restart, indeed all kernel images were gone, Only live CD allowed me access to repartition my HD.
NOW. I have Lucid running, and have been denied access to my external HD and partitioned (internal HD). I used Nautilus to copy over files to my internal laptop HD, yet permissions continue to be an issue. The INFECTED FOLDERS are owned by "User 999-user#999. I must micro manage every folder and file to gain "partial permission". The dialog box stutters and never allows me to go down to "Root"
Ubuntu Servers :: Defend Against A Scripted Attack On Apache2?
Jul 28, 2010I have a LAMP server that has been up for a month or so before I get stuff like this:
Code:
60.12.233.54 - - [24/Jul/2010:22:46:07 -0400] "GET /w00tw00t.at.blackhats.romanian.anti-sec:) HTTP/1.1" 404 895 "-" "ZmEu"
[code]...
Ubuntu Security :: MITM Attack - TLS Renegotiation Vulnerability
Sep 28, 2010Using Opera 10.61 and 10.62, I find that any secure website I access, such as a bank, the lock icon in the address bar is replaced by a question mark. Clicking on it brings up a window, stating that the connection is not secure, that the server does not support TLS Renegotiation. Doing some internet searches for "opera tls renegotiation" brought me to a page at the Opera website, where they discuss this issue. The issue is generic, not limited to Opera, affecting the TLS protocol, and it potentially enables a man-in-the-middle to renegotiate a "secure" connection between a server and client, issuing own commands to the server. Opera has addressed the problem on the client end, but now servers need to be upgraded too. None of the HTTPS sites I have tried have upgraded their servers, if the information provided by the Opera browser is correct.
My questions: how feasible is such a MITM attack, what level of resources would such an attack require? What, if anything, would the attacker need to know about the client and/or server to mount the attack? Would I be better off using Firefox, or is Firefox simply oblivious of the problem and not issuing warnings for that reason?
Ubuntu Security :: Broke Into Computer - Verify Attack?
Dec 28, 2010mpg123 suddenly started playing a police siren occationly. I checked the process once I heard it, and root was the process owner. How could this happen? Have someone broke into my computer? If so - how could I verify an attack? I run Ubuntu 9.10.
View 2 Replies View RelatedGeneral :: Track DoS Attack With Apache?
Jul 21, 2011Last day i have faced an attack on Apache/2.2.14 (Ubuntu).A user shoots 53 hits within 20 seconds from same IP and as a result db connections to MySQL increased.
a.) Is there any way in Apache to block these type of requests
b.) how can we trace when this type of attack happened to Apache.
Also I have noticed an entry in Apache error log during attack period
Error Log
[Wed Jul 20 20:28:49 2011] [debug] proxy_util.c(1806): proxy: grabbed scoreboard slot 0 in child 753 for worker http://localhost:8294/
[Wed Jul 20 20:28:49 2011] [debug] proxy_util.c(1825): proxy: worker http://localhost:8294/ already initialized
[Code].....
General :: Simulating Blackhole Attack In Ns-29
Apr 21, 2010I want to implement blackhole attack in ns-2 using the aodv protocol. I dont know how implement and i dont have code(c and tcl)
View 1 Replies View RelatedUbuntu Security :: Firestarter Howing Attack From Samba Service
Mar 17, 2010I got alarm on Firestarter showing attack from samba service on port 139 . Is that ok for my host computer ? or a serious attack .
View 9 Replies View RelatedSecurity :: Centos 5.5 Server - How To Protect From Outside Attack
Dec 21, 2010I have just configured Centos 5.5 LocalMailServer with fetchmail and sendmail , Proxy with Squid and FileServer with samba. Now my concern is security.. How can i protect my server with outside attack. Will I need to block some ports or I need special tools or script so no one from outside can attack my machine. My machine is working on intranet with local ip only.. No web server or static ip exists. Machine is connected with ADSL router to access internet.
View 5 Replies View RelatedSecurity :: Track DDoS Attack On A Server?
Jan 25, 2011how can I track a Dos and DDoS attack on a server . Does linux have any goiod known command line utilities and log files to us e in this way?
View 1 Replies View RelatedSecurity :: NSA On Computer Network Attack & Defense
May 3, 2010Quote:
The 605-page PDF document reads like a listing of the pros and cons for a huge array of defensive and counterintelligence approaches and technologies that an entity might adopt in defending its networks. Of particular interest to me was the section on deception technologies, which discusses the use of honeynet technology to learn more about attackers� methods, as well as the potential legal and privacy aspects of using honeynets. Another section delves into the challenges of attributing the true origin(s) of a computer network attack.
Security :: Sample Attack On Honeypot System?
Nov 23, 2010I have implemented two machines one for honeypot(192.168.100.10) and another(192.168.100.20) to remotely log the honeypot log file using syslog. Inside honeypot I emulated another 3 machines with services on virtual IPs of that same block.Now honeypot is working and I can see the logs generating as I did a portscan(nmap) on those virtual IPs from .20 machine.All of the machines are running ubuntu.
But does anyone know any s/w or tools which originally attackers use so that I can get a clear picture of what happens from the logs. Having problems creating these attack scenarios.
Security :: Program To Stop DDOS Attack?
May 30, 2011i have 1 question no more because i got many ddos attack and my load is 95++ what is the best program to stop DDOS Attack ?
View 14 Replies View Related