I have a network of 10 computers with the Linux operating system. I have noticed that the network becomes very slow after some time. Is there any setting in Linux or rule in iptables to detect DoS attempts?
Symantec ManHunt Flow Alert Rules can be configured quickly and applied immediately without any time dedicated to compiling. When Symantec ManHunt detects a Flow Alert Rule violation, the administration console displays the "Flow Policy Rule Violation" event title and the source and destination IP addresses.
Check this for more information: Symantec ManHunt
The iptables tool is a magnificent means of securing a Linux box. But it can be rather overwhelming. Well, you should be seeing massive amounts of connection attempts if it is a DoS/DDoS, so that part is easy to detect from the logs. If your services (like Apache) are reporting hundreds of access attempts in a short period, then it is pretty obvious.
psad software detects the IP addresses of attackers in case of a denial of service (or DoS) attack. It is a set of highly configurable danger thresholds (with sensible defaults provided), verbose alert messages that include the source, destination, scanned port range, begin and end times, TCP flags and corresponding nmap options, email alerting, DShield reporting, and automatic blocking of offending IP addresses via dynamic configuration of iptables firewall rule sets.
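The log-based detection described in the replies above, as an added example that is not part of the original thread and is not psad's code: a sliding-window counter over iptables LOG lines that reports sources exceeding a threshold. It assumes a LOG rule is already writing to the kernel log; the `IPT-SYN:` prefix, the threshold and window values, and the sample lines are all constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Syslog timestamp plus the SRC= and DPT= fields that the iptables LOG target writes.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8}).*?\bSRC=(?P<src>[\d.]+)\b.*?\bDPT=(?P<dpt>\d+)\b"
)

def find_floods(lines, threshold=5, window_s=10, year=2024):
    """Return {(src, dport): peak} for sources that logged at least `threshold`
    packets to one port within any `window_s`-second span (lines in time order)."""
    recent = defaultdict(deque)  # (src, dport) -> timestamps still inside the window
    peaks = {}
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # not an iptables LOG line
        # Syslog omits the year, so one is supplied (assumption).
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        key = (m["src"], int(m["dpt"]))
        q = recent[key]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_s:
            q.popleft()  # drop entries older than the window
        if len(q) >= threshold:
            peaks[key] = max(peaks.get(key, 0), len(q))
    return peaks

def sample_log():
    """Constructed kernel-log lines; IPT-SYN is an assumed --log-prefix value."""
    fmt = ("Jan 12 10:00:{sec:02d} gw kernel: IPT-SYN: IN=eth0 OUT= SRC={src} "
           "DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT={spt} DPT={dpt} SYN")
    flood = [fmt.format(sec=i // 2, src="203.0.113.7", spt=40000 + i, dpt=80)
             for i in range(8)]
    normal = [fmt.format(sec=s, src="198.51.100.20", spt=50000 + s, dpt=22)
              for s in (1, 45)]
    return sorted(flood + normal)  # identical prefix, so string order is time order

if __name__ == "__main__":
    for (src, dport), peak in find_floods(sample_log()).items():
        print(f"{src} -> port {dport}: {peak} packets within the window")
```

On a real host the threshold and window need tuning against normal traffic, since a busy web server legitimately sees many connections per client behind a NAT or proxy.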