How to detect a DoS attack from a virtual server?
Good afternoon.
Please advise on this matter.
I rented a virtual server from a provider, installed Ubuntu 14.04 on it, installed and configured Rails, and launched the application.
Today the provider wrote that they disabled the server's network interface because they detected suspicious network activity:
==
IP address:
Port:
Protocol:
===
IP 180.00.16.8.52602 > 183.60.216.208.8080: UDP, length 1019
IP 180.00.16.8.54855 > 183.60.216.208.8080: UDP, length 1019
IP 180.00.16.8.45276 > 183.60.216.208.8080: UDP, length 1019
IP 180.00.16.8.45276 > 183.60.216.208.8080: UDP, length 1019
IP 180.00.16.8.54855 > 183.60.216.208.8080: UDP, length 1019
IP 180.00.16.8.45276 > 183.60.216.208.8080: UDP, length 1019
IP 180.00.16.8.45276 > 183.60.216.208.8080: UDP, length 1019
IP 180.00.16.8.45276 > 183.60.216.208.8080: UDP, length 1019
IP 180.00.16.8.54855 > 183.60.216.208.8080: UDP, length 1019
IP 180.00.16.8.45276 > 183.60.216.208.8080: UDP, length 1019
IP 180.00.16.8.45276 > 183.60.216.208.8080: UDP, length 1019
IP 180.00.16.8.45276 > 183.60.216.208.8080: UDP, length 1019
IP 180.00.16.8.54855 > 183.60.216.208.8080: UDP, length 1019
IP 180.00.16.8.45276 > 183.60.216.208.8080: UDP, length 1019
IP 180.00.16.8.45276 > 183.60.216.208.8080: UDP, length 1019
IP 180.00.16.8.54855 > 183.60.216.208.8080: UDP, length 1019
IP 180.00.16.8.45276 > 183.60.216.208.8080: UDP, length 1019
IP 180.00.16.8.54855 > 183.60.216.208.8080: UDP, length 1019
IP 180.00.16.8.45276 > 183.60.216.208.8080: UDP, length 1019
IP 180.00.16.8.45276 > 183.60.216.208.8080: UDP, length 1019
IP 180.00.16.8.54855 > 183.60.216.208.8080: UDP, length 1019
IP 180.00.16.8.45276 > 183.60.216.208.8080: UDP, length 1019
Well, it's theoretically possible. But we need logs, and as many as possible, for the period from the first launch to the detection of the suspicious activity. I'm afraid that with questions like this you'd be better off going to LOR (linux.org.ru); the local format is not very suitable for it.
You can try to figure it out yourself. In any case, you must know which connections should go to or from the server, from where and to where, and on which ports and protocols. Based on that knowledge you can search through the network activity. All access to any server must be strictly regulated. For example, access only via SSH, and only from one specific computer. If it's a web server, open 80 and 443. Everything else should be closed.
In general, you need to narrow your search. And for the future: don't use a desktop OS on a server. If you absolutely must stay on the deb line, use Debian. Better yet, CentOS or RHEL.
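As an added illustration of the approach in the answer above (this is not code from the question or the answer), the script below parses tcpdump-style lines in the shape the provider quoted, drops packets that match an allowlist of expected flows (SSH from one admin workstation, HTTP/HTTPS to the server), and aggregates whatever is left so that a single destination receiving a stream of outbound UDP packets from the server stands out. The server address, the admin host, the thresholds and the sample lines are assumptions constructed for the example; the capture format is taken from the lines in the question.

```python
import re
from dataclasses import dataclass

# Assumptions for the example: the VPS address as it appears in the capture,
# and the one workstation that is allowed to reach it over SSH.
SERVER_IP = "180.00.16.8"
ADMIN_HOST = "203.0.113.10"

# Constructed sample in the shape of `tcpdump -nq` output (src.port > dst.port: PROTO ...).
# The UDP lines mirror the ones in the question; the first line is an expected SSH packet.
SAMPLE_LOG = """\
IP 203.0.113.10.51234 > 180.00.16.8.22: tcp 0
IP 180.00.16.8.52602 > 183.60.216.208.8080: UDP, length 1019
IP 180.00.16.8.54855 > 183.60.216.208.8080: UDP, length 1019
IP 180.00.16.8.45276> 183.60.216.208.8080: UDP, Length 1019
IP 180.00.16.8.45276 > 183.60.216.208.8080: UDP, length 1019
"""

# Tolerates the spacing and capitalisation variants that appear in a pasted capture.
LINE_RE = re.compile(
    r"^IP\s+(?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+)\s*>\s*"
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+):\s*(?P<proto>\w+)"
    r"(?:,\s*length\s+(?P<len>\d+))?",
    re.IGNORECASE,
)


@dataclass
class FlowStats:
    src: str
    dst: str
    dport: int
    proto: str
    packets: int = 0
    bytes: int = 0


def parse_line(line):
    """Return (src, sport, dst, dport, proto, length) or None for an unparseable line."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    proto = m["proto"].lower()
    if proto == "flags":          # verbose tcpdump prints "Flags [S], ..." for TCP
        proto = "tcp"
    length = int(m["len"]) if m["len"] else 0
    return m["src"], int(m["sport"]), m["dst"], int(m["dport"]), proto, length


def flow_is_expected(src, sport, dst, dport, proto):
    """Allowlist from the answer: SSH from one host, web on 80/443, and the server's replies."""
    if dst == SERVER_IP and dport == 22 and proto == "tcp" and src == ADMIN_HOST:
        return True
    if dst == SERVER_IP and dport in (80, 443) and proto == "tcp":
        return True
    if src == SERVER_IP and sport in (22, 80, 443) and proto == "tcp":
        return True
    return False


def find_suspicious(log_text, flood_packets=100):
    """Aggregate unexpected packets per (src, dst, dport, proto).

    Returns (unexpected_flows, outbound_floods): all unexpected flows sorted by packet
    count, and the subset sourced from the server that exceeds flood_packets.
    The capture in the question carries no timestamps, so the threshold is a plain
    packet count rather than a rate; with timestamps you would count per time window.
    """
    flows = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or flow_is_expected(*rec[:5]):
            continue
        src, _sport, dst, dport, proto, length = rec
        key = (src, dst, dport, proto)
        st = flows.setdefault(key, FlowStats(src, dst, dport, proto))
        st.packets += 1
        st.bytes += length
    unexpected = sorted(flows.values(), key=lambda s: s.packets, reverse=True)
    floods = [s for s in unexpected if s.src == SERVER_IP and s.packets >= flood_packets]
    return unexpected, floods


if __name__ == "__main__":
    unexpected, floods = find_suspicious(SAMPLE_LOG, flood_packets=3)
    for st in unexpected:
        print(f"unexpected {st.proto} {st.src} -> {st.dst}:{st.dport} "
              f"packets={st.packets} bytes={st.bytes}")
    for st in floods:
        print(f"OUTBOUND FLOOD from server to {st.dst}:{st.dport} ({st.packets} packets)")
```

Run it against a real capture by reading the file into `find_suspicious` instead of `SAMPLE_LOG`. A flood whose source is the server itself, as in the quoted capture, means the host is sending the traffic, so the search narrows to what process on the server opened those UDP sockets rather than to inbound traffic.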