DDoS Protection
Nikolay, 2015-08-20 23:39:45

How to detect a DoS attack from a virtual server?

Good afternoon.
Please advise on this matter.
I rented a virtual server from the provider, installed Ubuntu 14.04 on it, installed and configured Rails, and launched the application.
Today the provider wrote that they disabled the server's network interface because they detected suspicious network activity:

==
IP address:
Port:
Protocol:
===
IP 180.00.16.8.52602 > 183.60.216.208.8080: UDP, length 1019
IP 180.00.16.8.54855 > 183.60.216.208.8080: UDP, length 1019
IP 180.00.16.8.45276 > 183.60.216.208.8080: UDP, length 1019
IP 180.00.16.8.45276 > 183.60.216.208.8080: UDP, length 1019
IP 180.00.16.8.54855 > 183.60.216.208.8080: UDP, length 1019
IP 180.00.16.8.45276 > 183.60.216.208.8080: UDP, length 1019
IP 180.00.16.8.45276 > 183.60.216.208.8080: UDP, length 1019
IP 180.00.16.8.45276 > 183.60.216.208.8080: UDP, length 1019
IP 180.00.16.8.54855 > 183.60.216.208.8080: UDP, length 1019
IP 180.00.16.8.45276 > 183.60.216.208.8080: UDP, length 1019
IP 180.00.16.8.45276 > 183.60.216.208.8080: UDP, length 1019
IP 180.00.16.8.45276 > 183.60.216.208.8080: UDP, length 1019
IP 180.00.16.8.54855 > 183.60.216.208.8080: UDP, length 1019
IP 180.00.16.8.45276 > 183.60.216.208.8080: UDP, length 1019
IP 180.00.16.8.45276 > 183.60.216.208.8080: UDP, length 1019
IP 180.00.16.8.54855 > 183.60.216.208.8080: UDP, length 1019
IP 180.00.16.8.45276 > 183.60.216.208.8080: UDP, length 1019
IP 180.00.16.8.54855 > 183.60.216.208.8080: UDP, length 1019
IP 180.00.16.8.45276 > 183.60.216.208.8080: UDP, length 1019
IP 180.00.16.8.45276 > 183.60.216.208.8080: UDP, length 1019
IP 180.00.16.8.54855 > 183.60.216.208.8080: UDP, length 1019
IP 180.00.16.8.45276 > 183.60.216.208.8080: UDP, length 1019

Is it possible to determine how the DoS attack got onto my server (180.00.16.8) and started from it?
How do I fix this problem?
P.S. I'm new to this topic; you could just give me a link to read about how to detect it and how to protect yourself.


1 answer(s)
Vasily, 2015-08-21
@DobriyJuk

Well, theoretically it's possible. But we would need logs, and as many as possible, for the period from the first launch to the detection of the suspicious activity. I'm afraid that with questions like this you'd better go to LOR (linux.org.ru); the local format isn't very suitable.
You can try to figure it out yourself. In any case, you must know which connections, from where and/or to where, should be going to/from the server, and on which ports and protocols. Based on that knowledge you can search the network activity. All access to any server must be strictly regulated: for example, access only via SSH, and only from a specific computer. If it's a web server, open 80 and 443. Everything else should be closed.
In general, you need to narrow the search. And for the future: don't use a desktop OS on a server. If you absolutely must use the deb line, then use Debian. Better still, CentOS or RHEL.
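The approach the answer describes (know which flows are expected, then look for everything else) and the allowlist firewall it recommends, as an added example that is not part of the thread and not the provider's or the asker's code. It is a POSIX shell script that parses tcpdump-style lines like the ones in the provider's notice, counts packets per destination for a given source host, flags destinations that exceed a threshold, and prints (without applying) the iptables policy the answer outlines. The sample lines are constructed to resemble the excerpt; the admin host 203.0.113.7, the TCP line, the threshold and the OUTPUT logging rule are assumptions for illustration.

```shell
#!/bin/sh
# Added example: detect an outbound flood in tcpdump-style output and print
# an allowlist firewall policy for review. Not code from the original thread.

# Constructed sample modelled on the provider's excerpt (not real traffic).
# The last line is an assumed legitimate SSH reply to an admin host.
SAMPLE_LOG='IP 180.00.16.8.52602 > 183.60.216.208.8080: UDP, length 1019
IP 180.00.16.8.54855 > 183.60.216.208.8080: UDP, length 1019
IP 180.00.16.8.45276 > 183.60.216.208.8080: UDP, length 1019
IP 180.00.16.8.45276 > 183.60.216.208.8080: UDP, length 1019
IP 180.00.16.8.22 > 203.0.113.7.51000: Flags [P.], seq 1:53, ack 1, win 227, length 52'

# Count packets per (protocol, destination host.port) sent by SRC_HOST.
# Usage: flows_by_destination SRC_HOST < tcpdump_output
# Output: "<count> <UDP|TCP> <dst_host.port>", most frequent first.
flows_by_destination() {
  awk -v src="$1" '
    # match "src." as a prefix so 180.00.16.8 does not also match 180.00.16.80
    $1 == "IP" && index($2, src ".") == 1 {
      proto = ($5 == "UDP,") ? "UDP" : "TCP"
      dst = $4; sub(/:$/, "", dst)      # strip the trailing colon
      count[proto " " dst]++
    }
    END { for (k in count) print count[k], k }
  ' | sort -rn
}

# Flag destinations that received more than THRESHOLD packets from SRC_HOST.
# Usage: flag_floods SRC_HOST THRESHOLD < tcpdump_output
flag_floods() {
  flows_by_destination "$1" | awk -v t="$2" '$1 > t { print "SUSPECT:", $0 }'
}

# Emit the policy from the answer: SSH only from one admin host, 80/443 open,
# everything else dropped, plus logging of unexpected outbound UDP (anything
# that is not DNS or NTP) with the owning uid, so a flooding process shows up
# in the kernel log. Printed for review, not applied; ADMIN_HOST is a placeholder.
firewall_policy() {
  admin="$1"
  cat <<EOF
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp -s $admin --dport 22 -j ACCEPT
iptables -A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
iptables -A OUTPUT -p udp -m multiport ! --dports 53,123 -j LOG --log-prefix "OUT-UDP: " --log-uid
EOF
}

# Demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_LOG" | flows_by_destination 180.00.16.8
printf '%s\n' "$SAMPLE_LOG" | flag_floods 180.00.16.8 3
firewall_policy 203.0.113.7
```

On a real host the input would come from something like `tcpdump -n -i eth0 'src host 180.00.16.8 and not port 22'`, and once a suspect destination is known, `ss -unap` lists the UDP sockets together with the process that owns them, which is the process to stop and investigate. The policy is printed rather than executed so it can be checked against the expected flows first; a wrong INPUT rule on a remote server locks you out.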
