Search Results for "service attacks"

pfck is a perl script that reads the state table of pf and reports back flows based on a supplied port number. pfck is very handy in ddos attacks to identify who's hitting a host or network on a particular port service, and who they are specifically hitting.

Assuming a firewall (whether in hardware or in software via IPTables / IPChains / or another software firewall), then the bulk of your nefarious traffic is (hopefully) already being taken care of. However, what slips through, on legitimate ports, can sometimes be denial of service attacks. A truly distrubuted denial of service attack is something for where there exists no known solution (at least at this time). However, a single user dos (or a small number of users working together) can effectively be thwarted if your pipe (internet connection) is large. Running on a short cycle (such as 1 minute), ddos_delfate ege can detect nefarious IP's that have bombarded a port with a tremendous number of connections (in a soho environment, 100 connections from a single IP that is not in your LAN constitutes a 'big red warning flag', but you can set this connection limit to your liking in the config file).

Gardol monitors system log files to detect denial of service and other attacks and blocks attacking sites with Linux iptables. Attack detection rules may be programmed in Perl.