If your server is currently under a DDoS attack, please run the following command:

tcpdump -nn -vvv -c 10000 -w ddos-`date +%F_%T`.pcap

Then send us the resulting ddos-*.pcap file (the name includes the capture date and time), which should be in the root folder. This way it will be faster for us to analyze the attack and block it.

 

Note: if you get "-bash: tcpdump: command not found", install tcpdump with yum or apt, for example: yum install tcpdump or apt install tcpdump

 

 

You need to edit sysctl.conf as follows:

net.ipv4.ip_local_port_range=32768 61000
net.ipv4.tcp_dsack=0
net.ipv4.tcp_ecn=0
net.ipv4.tcp_fack=0
net.ipv4.tcp_fin_timeout=1
net.ipv4.tcp_keepalive_intvl=10
net.ipv4.tcp_keepalive_probes=3
net.ipv4.tcp_keepalive_time=30
net.ipv4.tcp_low_latency=1
net.ipv4.tcp_max_orphans=524288
net.ipv4.tcp_max_syn_backlog=1024
net.ipv4.tcp_no_metrics_save=1
net.ipv4.tcp_retries2=10
net.ipv4.tcp_sack=1
net.ipv4.tcp_slow_start_after_idle=0
net.ipv4.tcp_synack_retries=3
net.ipv4.tcp_syncookies=2
net.ipv4.tcp_timestamps=1
net.ipv4.tcp_tw_recycle=1
net.ipv4.tcp_tw_reuse=1
net.ipv4.tcp_window_scaling=1
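
To see how these settings compare with what a running kernel actually exposes, the script below (an added example, not part of the original article) reports each key from the list above as OK, DIFF or MISSING; the function names and the SYSCTL_ROOT variable are assumptions made here. Keys can be missing on newer kernels: net.ipv4.tcp_tw_recycle, for instance, was removed in Linux 4.12.

```shell
#!/bin/sh
# Added example. sysctl_audit reads key=value lines on stdin and compares them
# with the sysctl tree at $1 (default /proc/sys; the argument is an assumption
# made here so the check can also run against a test directory).
norm() {  # collapse whitespace runs (tabs in /proc/sys) to single spaces
    printf '%s' "$1" | tr -s '[:space:]' ' ' | sed 's/^ //; s/ $//'
}
sysctl_audit() {
    root=${1:-/proc/sys}
    while IFS= read -r line; do
        case $line in '#'*) continue ;; *=*) ;; *) continue ;; esac
        key=$(norm "${line%%=*}"); want=$(norm "${line#*=}")
        path=$root/$(printf '%s' "$key" | tr . /)
        if [ ! -e "$path" ]; then
            echo "MISSING $key"   # this kernel has no such setting
            continue
        fi
        have=$(norm "$(cat "$path" 2>/dev/null)")
        if [ "$have" = "$want" ]; then echo "OK $key"
        else echo "DIFF $key current=$have wanted=$want"; fi
    done
}
page_settings() {  # the list from this page, unchanged
    cat <<'EOF'
net.ipv4.ip_local_port_range=32768 61000
net.ipv4.tcp_dsack=0
net.ipv4.tcp_ecn=0
net.ipv4.tcp_fack=0
net.ipv4.tcp_fin_timeout=1
net.ipv4.tcp_keepalive_intvl=10
net.ipv4.tcp_keepalive_probes=3
net.ipv4.tcp_keepalive_time=30
net.ipv4.tcp_low_latency=1
net.ipv4.tcp_max_orphans=524288
net.ipv4.tcp_max_syn_backlog=1024
net.ipv4.tcp_no_metrics_save=1
net.ipv4.tcp_retries2=10
net.ipv4.tcp_sack=1
net.ipv4.tcp_slow_start_after_idle=0
net.ipv4.tcp_synack_retries=3
net.ipv4.tcp_syncookies=2
net.ipv4.tcp_timestamps=1
net.ipv4.tcp_tw_recycle=1
net.ipv4.tcp_tw_reuse=1
net.ipv4.tcp_window_scaling=1
EOF
}
page_settings | sysctl_audit "${SYSCTL_ROOT:-/proc/sys}"
```

A MISSING line means the key is absent on this kernel, so loading it from sysctl.conf will produce an error for that line rather than change anything.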



Sunday, July 14, 2019




