- 10-06-2013 #1
High packets per second, how to determine app/cause
Hello, a NodeWatch software I have on a Linux VPS host server notified me about a possible DDoS, saying: Nodewatch on MyHostname: Possible DoS VPS VMID (VPSIPHere): 168707 pps during 5 second interval
Please, how can I monitor and determine the application which caused this high PPS (packets per second), so next time I know which app or IP caused it?
- 10-09-2013 #2
You could create a firewall rule to log packets above a certain number; then you would see what program is doing it.
Or you could also create a rule to drop packets after they reach a limit; then the program that isn't working is it.
Option one is the best but option 2 is faster.
The adventure of a life time.
Linux User #296285
- 10-10-2013 #3
Thx, I'm a newbie. I know I have iptables, but I only know how to add/remove IP port from it. I looked for some iptables generators, but I'm unsure what these packet log rules should look like?
Last edited by postcd; 10-10-2013 at 10:30 AM.
- 10-13-2013 #4
Yup, like the esteemed Guru says, "...a firewall rule".
You are going to use some different features of netfilter-iptables (i.e., the limit module).
iptables -t filter -I INPUT "num_val" -i ppp0 -m limit --limit-burst 9999 -j LOG --log-ip-options --log-prefix 'dos'
P.S. Depending on the distro, fwbuilder (a UI) is better suited for your needs... maybe, probably, I dunno.
Last edited by ArtFewer; 10-13-2013 at 03:02 AM.
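An added example, not part of any post in this thread: once a LOG rule with `--log-prefix 'dos'` is writing to the kernel log, the entries can be tallied per source IP and per protocol/destination port, which is what the log actually records (it names the port, not the process). The function names and the sample log lines are constructed for illustration, and the kernel log's location varies by distro.

```shell
#!/bin/sh
# Constructed sample: kernel lines as written by "-j LOG --log-prefix 'dos'".
# The prefix has no trailing space, so it runs straight into the IN= field.
sample_dos_log() {
cat <<'EOF'
Oct 13 03:00:01 vps kernel: dosIN=ppp0 OUT= SRC=198.51.100.7 DST=203.0.113.10 LEN=60 TTL=52 PROTO=UDP SPT=4444 DPT=53 LEN=40
Oct 13 03:00:01 vps kernel: dosIN=ppp0 OUT= SRC=198.51.100.7 DST=203.0.113.10 LEN=60 TTL=52 PROTO=UDP SPT=4445 DPT=53 LEN=40
Oct 13 03:00:01 vps kernel: dosIN=ppp0 OUT= SRC=192.0.2.99 DST=203.0.113.10 LEN=60 TTL=50 PROTO=TCP SPT=51000 DPT=80 SYN
Oct 13 03:00:02 vps kernel: dosIN=ppp0 OUT= SRC=198.51.100.7 DST=203.0.113.10 LEN=84 TTL=52 PROTO=ICMP TYPE=8 CODE=0
Oct 13 03:00:02 vps kernel: eth0: link up
EOF
}

# Count logged packets per source and per protocol/port.
# Usage: summarize_dos_log [prefix] < logfile   (hypothetical helper name)
summarize_dos_log() {
    awk -v prefix="${1:-dos}" '
    # Skip kernel lines that do not carry the chosen log prefix.
    index($0, prefix "IN=") == 0 && index($0, prefix " IN=") == 0 { next }
    {
        src = proto = dpt = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^SRC=/) src = substr($i, 5)
            else if ($i ~ /^PROTO=/) proto = substr($i, 7)
            else if ($i ~ /^DPT=/) dpt = substr($i, 5)
        }
        if (src == "") next
        by_src[src]++
        svc = proto
        if (dpt != "") svc = proto "/" dpt   # ICMP lines carry no DPT
        by_svc[svc]++
    }
    END {
        for (s in by_src) print "src", by_src[s], s
        for (p in by_svc) print "svc", by_svc[p], p
    }' | sort -k1,1 -k2,2nr -k3,3
}

# Demo on the constructed sample: busiest sources first, then busiest services.
sample_dos_log | summarize_dos_log
```

The busiest `svc` line gives the protocol and port to look up among the VPS's listening services; the busiest `src` line gives the address to rate-limit or block.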