Ubuntu :: Does 10.04 LTS Protect You From DDoS/Dos Attacks?

Oct 31, 2010

I was just wondering if you were to get DDoSed/Dosed would ubuntu block the packets or protect you in some way?

View 1 Replies


Security :: Prevent Ddos Apache Attacks?

Jan 25, 2011

recently my Apache server crashes very often; by watching the error log,I've notice several signs of intrusion.So, I think the problem can be a denial of service attack against my machine.My distribution is Debian Lenny.

View 2 Replies View Related

Security :: HOW TO Protect From VPN Attacks

Jun 1, 2011

I would like to know how to protect networks against VPN attacks? How does big industries do it? What does the government tend to use? Are any tools open source that I may get?

View 1 Replies View Related

Security :: IRC Flood/DDoS Cause A Computer To Freeze?

Nov 10, 2010

my computer froze solid, and it would not react to anything. X didn't react to Ctrl+Alt+Backspace, not Ctrl+Alt+Del, so I had to turn it off using the power button.

This is the first time my computer freezes like this, the log files did not reveal any HW errors. Is it possible that someone in the channel did not like my level of Java skill, and flooded me to disconnect?

By the way; Im using slackware 13.1 with the default kernel ( and irssi as IRC client.

I know that if you eg. ICMP-flood someone, the traffic will be denied and, but can it provoke other behavior from the computer?

So my question is; can a IRC flood/DDoS attack cause a computer to freeze sub zero?

View 4 Replies View Related

Security :: Track DDoS Attack On A Server?

Jan 25, 2011

how can I track a Dos and DDoS attack on a server . Does linux have any goiod known command line utilities and log files to us e in this way?

View 1 Replies View Related

Security :: Program To Stop DDOS Attack?

May 30, 2011

i have 1 question no more because i got many ddos attack and my load is 95++ what is the best program to stop DDOS Attack ?

View 14 Replies View Related

Server :: Iptables Rate Limiting For Ddos?

Mar 6, 2011

I have about 5 machines that are under Ddos daily and I use rate-limit for Iptables to protect that and it works good.My UDP ports 20100 to 20400 are actually under Ddos so these are the commands I use:

A INPUT -p udp -m udp --dport 20100:20500 -m state --state NEW -m recent --set --name DEFAULT --rsource


View 5 Replies View Related

Red Hat / Fedora :: Check Ddos Attack On A IPtable Firwwall?

Oct 2, 2010

I have linux firewall configured. I want to check the stress tecting on this firewall. is there any way to launch attack of DDOS or other attack which try to make the firewall busy ?

View 2 Replies View Related

Security :: Reflective DDos ( DrDoS ) Test Tool?

Mar 2, 2011

Well someone has been putting up this attack on my game-server ports. For those of you who don't know what type of attack this is, so its an attack which is actually masked to us because the attacker uses his machine to send packets to a machine called source which reflects the packets to destination. Based on this, the UDP port under Flood at the destination starts making outgoing connections to that IP and gets rejected which uses up more than 5mb/second bandwidth instantly.

I've worked out on some security for this and now need a tool to test this against my machine. I've used PentBox but that's not really powerful to do anything. As I search Google, I find something called Trinoo but can't download or test it.

View 6 Replies View Related

Security :: Is Server Under DdOS Attack - Not Having Much Load And Only Few Process Runs But Site Opens Very Slow

Aug 5, 2010

I have a server and i think that my server is under Ddos attack. i see that server is not having much load and only few process runs but my site opens very slow. i executed the following command on my ssh:


View 7 Replies View Related

General :: Vulnerable To PDF Attacks?

May 12, 2011

I've heard of attacks using PDF files on Windows with Adobe Acrobat and Foxit Reader. Is Linux vulnerable to these attacks when using the default PDF viewers in KDE or Gnome or even xpdf? What is a good PDF scanner to determine if a PDF file is evil?

View 2 Replies View Related

General :: Detect DoS Attacks / Manually Block IP On Ubuntu?

Sep 14, 2011

I have a VPS with Ubuntu. I host a small website (~10 visitors at the same time). Sometimes the website starts lagging. It lags so bad that my SSH connection starts lagging too. Running top says that 2 instances of apache2 take up 50 %CPU each.

I assume this is a DoS attack. I've copy-paste installed a few iptables scripts that made sense, but this has not helped. I installed libapache2-mod-evasive -- I'm sure it blocks the attacker, but I'm still lagging.

What can I do? Can I at least find the IP of the attacker? I have strong experience with Linux, but almost zero experience with being a server admin.

View 2 Replies View Related

Ubuntu Security :: Block PHP Injection Attacks With Fail2ban

Apr 12, 2010

I'm trying to implement this method to block php injection attack using fail2ban: here it is, however I'm not sure it applies to Ubuntu. You see, there's this filter that must be added to the fail2ban jail file:

HTML Code:
enabled = true
port = http,https
filter = php-url-fopen


View 7 Replies View Related

Ubuntu Security :: SSH Pubkey Authentication And MITM Attacks

Jan 6, 2011

Given that my public key is a pre-shared secret is sshd made in a way that this negates the possibility of a man in the middle attack? In other words, if the known_hosts file were to be deleted, would it be safe to ignore the fingerprint of a server that already has my public key in authorized_keys?

View 5 Replies View Related

Debian :: Protection Against Incoming Attacks?

Mar 5, 2011

I'm using Debian 6 to host a website (with apache2) and a game server. But because of attacks to my server, my hosting company have now set it offline.

These are the two logs that they provided (I replaced all IPs):
Direction IN
Internal ***.***.***.***


View 4 Replies View Related

Security :: How To Find The Trace Of The Attacks

Dec 30, 2008

I fear that an attack or an entry in my PC has occured, how to find the trace of the attacks.

View 3 Replies View Related

Fedora Networking :: VPS - Blocking HTTPD DOS Attacks?

Apr 6, 2010

I have a VPS which is running HTTPD, and its getting blown to bits by a DOS Attack. Turns out mod_evasive is totally useless (due to not running a total - rather counting per child process) and the only way to stop the box from running at 100% on all cores is to term HTTPD. So, what rules can I implement on the iptables firewall to block multiple requests from an IP? I saw this: [URL] Where someone has posted some rules but these dont work ("unknown error 4294967295" on the 3rd line). This is what i'm after though - block multiple requests from a single IP for a certain period of time.

View 3 Replies View Related

General :: How To Stop Pop3 Brute Force Attacks

Mar 31, 2011

I have a mail server running RHEL, with postfix, dovecot, etc. I installed Fail2ban and this works wonders against SSH brute force attacks. It'll ban an IP address for a period of time if it unsuccessfully attempts to log on 3 times within, say a minute. I was wondering if it can be as effective with pop3 attacks. If it is, how can I get it done?

View 1 Replies View Related

Security :: Researchers Working Toward Processor-Specific Attacks?

Nov 10, 2010

With the disappearance of an OS monoculture, attackers would do well to find attacks that are neither OS or application specific. One way to do that, of course, is to target attacks at hardware, rather than software. Now research out of Frances Ecole Superiore d'Informatique, Electronique, Automatique (ESIEA) moves a step closer to that goal: identifying a method for isolating the processor used by anonymous systems for the purpose of subverting that hardware.

View 2 Replies View Related

Server :: Lessen Impact Of Bandwidth Attacks With IPTables Or APF?

Apr 26, 2011

My server has been the repeated victim of bandwidth attacks: any large file on the server is downloaded repeatedly, with the goal of pushing the server over the provider's bandwidth limit. How can I lessen the effect of these kinds of attacks with IPTables or APF? For example, can I set the server to: Is this possible? Is there a more effective way, and can a firewall even do this? My web server is Lighttpd, perhaps I can place such a rule directly in its config?

View 1 Replies View Related

Ubuntu Servers :: Iptables To Rate-limit Brute Force Attacks On SSH Server?

Sep 30, 2010

I have a SSH server set up at home listening on port 22. I have hardened the server so it is pretty secure but I want to make it even safer by editing my iptables to rate-limit incoming connections and DROP false login attempts. I have tried these tutorials but I just cant get it to work:[URL]I want the debian-administration.org tutorial to work but when I try to add the first rule in terminal:sudo iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --setI get the following:Bad argument --set'I am new to iptables and I'm not sure if I'm doing something wrong when I try to set it up. I'm using Ubuntu 10.04.1 LTS with iptables v1.4.4.

View 6 Replies View Related

Ubuntu Security :: Pen Test IIS - Methods To Simulate Attacks To Check HIPS Detects?

Jan 27, 2011

I need to do a pentest on a Microsoft IIS webserver to test the efficiency of the HIPS i have installed on. methods to simulate attacks so that i can check if the HIPS will detect them?

View 4 Replies View Related

Debian Configuration :: Root Attacks Due To Security Breach In Exim4?

Jan 21, 2011

My debian server has been attacked due to a security breach in exim4 4.69-9 (probably applies to loads of other versions too). The security breach allows the attacker to get root access by creating a buffer overflow in a header which then can be used to inject code.


The securtiy breach is fixed with 4.69-9+lenny1 I want to share my actions with you on what I did to (hopefully) get rid of it. However at the time of writing this, the above website is down due to too much load (DDOS Attack?). How you can check if you've been attacked:

The attack creates a buffer overflow in exim4, which results in paniclog entries.

$ cat /var/log/exim4/paniclog
2010-12-17 07:34:11 string too large in xxxyyy()
2010-12-19 10:42:10 string too large in xxxyyy()

this would be an example of two attacks. One on 2010-12-17 and the other two days later 2010-12-19.with this information you can start find potentially infected files. There may be a better way, but I searched for them with this command:

$ find / -mtime 31 2>/dev/null # files,directories,links created 31 days ago (i.e. 2010-12-17)

My infected files:



View 4 Replies View Related

Networking :: Analyze Network Traffic For Attacks And While Finding The Attack?

Apr 9, 2010

I need to learn how to analyze network traffic for attacks and while finding the attack seems easy in my case I need to identify what hes doing. I will be happy right now if you guys can answer my question. How to identify if an attack has brought the server down? I have packet captures of an attack in progress and I noticed that every now and then the attacker would do something weird and the server would start sending packets with just the RST packet sent in response. Normally I had been seeing the RST ACK flags set or the FIN ACK bits set to terminate a connection. So once again my question is how do I tell if the traffic indicates a server crash?

View 1 Replies View Related

Security :: Advanced Firewall And Testing - Block Certain Kinds Of Attacks?

Dec 14, 2010

I launched my website. At the moment the site has an firewall (iptables) enabled with very simple rules. All incoming traffic is blocked, except for the ports http and ssh. Everything is working perfect, but I want also to be able to block certain kinds of attacks. There are some really good examples on the internet, but I don't now if they contain all kinds of attacks which are relevant to my situation. To be clear, I only server web content through port 80 and use ssh to remote login.

View 3 Replies View Related

Security :: My Server - Deb5 And Plesk10 - Is Involved - Causing - In Brute Force Attacks

May 6, 2011

I am ashamed that I am causing other people troubles, but apparantly my server is involved in attacking the servers of other people.

I have to admit that I am not too familiar with using a CLI, or Linux for that matter, but I have a Debian server running under Plesk 10, which is colocated.

Now I have received messages from the datacenterm which state that my server is involved in brute force attacks.

The messages show a lot of lines like this:


The only I get from my hoster is to back up all domains and re-install the machine.

I want to resolve this asap, but do not agree with that action for two reasons: the machine just had a fresh re-install 2 months ago, so if it is a flaw in the OS, I will get the same flaw back, and if it is not OS related but due to a domain, I will get the problem back by putting back the backed-up domains.

But now I'm stuck: what steps should I follow to try and find the cause of this evil and make sure that my machine will not bother other machines anymore?

I realize that this probably will be a steep learning-curve, but please bare with me and help me to resolve this.

What have I done so far?

1) There are a number of live sites on this server, either running WordPress or Joomla, I have made sure they are all updated to the latest release.

2) I have manually looked at the source code of the index-files of those sites, haven't seen anything strange, like redirects.

3) I have used online scanners to check all sites for malware, all have been reported back to be clean.

4) I have run the Plesk-version of RKhunter, and that gives me certain warnings which I cannot (or do not) understand:




I received the first report of these attempts about a week ago and immediately changed the Plesk/SSH password to a 200bit password generated with KeePass, hoping that would keep out any evildoers.

View 14 Replies View Related

General :: Secure Box - Authentication Failure - Long Strong Password Can Stop To Prevent From Attacks?

Mar 17, 2010

we are using linux email server axigen past few years. we keep port open ssh and pop,smtp webmail etc. ssh use for remote trouble shooting. so through firewall it is globally accessable. we notice many attacks coming to our machine, also some people try to enter in our system but failure. as example see below a log come in messages file

Mar 17 09:19:50 sa1 sshd(pam_unix)[21231]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost= user=root how we can secure more. as per my understanding only good long strong password can stop to prevent from attacks.

View 5 Replies View Related

Ubuntu :: 10.04 How To Protect Grub Entries

May 19, 2010

In ubuntu 10.04 how to protect Grub Entries...?

View 3 Replies View Related

Ubuntu Security :: Does Firestarter Protect Out Of Box?

Sep 15, 2010

I was wondering if firestarter (software firewall) works out of the box or does it need some kind of configuration in order for it to provide protection? Is firestarter even needed with ubuntu?

View 6 Replies View Related

Ubuntu :: Password Protect USB Ports

Oct 20, 2010

does anyone know how to password protect the USB ports so if someone were to plug something in that is USB Ubuntu would ask for root password before allowing access to the device.

View 4 Replies View Related

Copyrights 2005-15 www.BigResource.com, All rights reserved