- _____ _____ _ _____ _____ _____ _____ _____ _____
- ___| | __ |_| _ |_ _|___ ___|_ _| __| _ | |
- |_ -| --| -| | __| | | |- _|___| | | | __| | | | |
- |___|_____|__|__|_|__| |_| |___| |_| |_____|__|__|_|_|_|
- |s C R i P T z - T E A M . i N F O|----------------------------
- - iNfO -
- [SERVER] Detecting DNS Amplification DDoS Attack
- - NOtIcE -
- Log in to the server console and type:
- To detect:
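- # -l and --line-buffered flush every line, so nothing is lost when you stop the capture with Ctrl+C
- tcpdump -l -n udp dst port 53 | grep --line-buffered ANY > ddos.log
- # count queries per source IP, busiest source last
- awk '{print $3}' ddos.log | cut -d: -f 1 | cut -d. -f -4 | sort | uniq -c | sort -nk 1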
- Or detect v2:
- tcpdump -n udp dst port 53 > ddos.log
- awk '{print $3}' ddos.log | cut -d: -f 1 | cut -d. -f -4 | sort | uniq -c | sort -nk 1
- CMD for src+dst packets:
- tcpdump -n udp port 53
- CMD for source packets:
- tcpdump -n udp src port 53
- CMD for destination packets:
- tcpdump -n udp dst port 53
- Clean output with IPs:
- tcpdump -nS -p udp
- If you see unusual traffic there, your server is being used as part of a larger DDoS attack.
- Or you may be the DDoS target yourself.
- ---------------------------------------------------
- tcpdump => command allowing us to see in/out packets
- udp => user datagram protocol
- dst => destination
- src => source
- port 53 => match only traffic on port 53 (DNS)
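
Added example, not part of the original paste: a shell function that extends the counting pipeline above by grouping ANY queries per source IP and queried name and reporting only sources at or above a threshold. The function names, the threshold argument and the sample capture lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original paste. Reads `tcpdump -n` text on stdin
# and prints "count source_ip qname" for DNS ANY queries, busiest first.
# $1 = minimum count to report (assumed threshold, tune to your baseline).
any_query_summary() {
    threshold="${1:-1}"
    awk -v min="$threshold" '
        # e.g. 12:00:00.1 IP 198.51.100.7.4444 > 192.0.2.10.53: 1+ [1au] ANY? example.org. (40)
        $2 == "IP" || $2 == "IP6" {
            qname = ""
            for (i = 5; i < NF; i++)
                if ($i == "ANY?") { qname = $(i + 1); break }
            if (qname == "") next         # not an ANY query
            src = $3
            sub(/\.[0-9]+$/, "", src)     # drop trailing .port (IPv4 and IPv6)
            count[src " " qname]++
        }
        END {
            for (k in count)
                if (count[k] >= min) print count[k], k
        }
    ' | LC_ALL=C sort -k1,1nr -k2,2
}

# Constructed sample capture using documentation address ranges.
sample_capture() {
    cat <<'EOF'
12:00:00.000001 IP 198.51.100.7.4444 > 192.0.2.10.53: 1001+ [1au] ANY? example.org. (40)
12:00:00.000002 IP 198.51.100.7.4445 > 192.0.2.10.53: 1002+ [1au] ANY? example.org. (40)
12:00:00.000003 IP 198.51.100.7.4446 > 192.0.2.10.53: 1003+ [1au] ANY? example.org. (40)
12:00:00.000004 IP 203.0.113.9.5353 > 192.0.2.10.53: 2001+ A? www.example.com. (33)
12:00:00.000005 IP 203.0.113.20.6000 > 192.0.2.10.53: 3001+ ANY? example.net. (29)
12:00:00.000006 IP6 2001:db8::5.7000 > 2001:db8::1.53: 4001+ ANY? example.org. (29)
EOF
}

# Offline demo; on a real host use: any_query_summary 100 < ddos.log
sample_capture | any_query_summary 2
```

A single source repeating the same ANY query many times is the pattern to look for: on a resolver abused as a reflector, that source address is usually the spoofed address of the victim.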