Background: in recent days my VPS has been under attack. Whether it runs Windows or Linux, it suffers UDP floods, and the traffic surges take the machine down, which makes me very angry and very keen to know who is doing it.
My local test VPS runs CentOS 6.0.
1. To see where this attack traffic is coming from, we need iftop. Download it with:
wget http://www.ex-parrot.com/pdw/iftop/download/iftop-0.17.tar.gz
If you build it straight away you will hit a make error; the packages it depends on are the following.
Install the required dependencies on CentOS:
yum install flex byacc libpcap ncurses ncurses-devel libpcap-devel
Install the required dependencies on Debian:
apt-get install flex byacc libpcap0.8 libncurses5
Then, with the iftop tarball downloaded, continue with:
tar zxvf iftop-0.17.tar.gz
cd iftop-0.17
./configure
make && make install
That completes the installation.
So what is it good for once installed?
Just type iftop and you can see the network connections and their IPs. I put a website on this machine, then tested it by refreshing the page:
the accessing IP shows up, and visiting from a different IP shows that one too.
I will give the related instructions further below.
Then, based on which IPs are generating the heavy traffic, we can block them with iptables. This is only a temporary way to see who is attacking us; fixing the underlying vulnerability is what matters.
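As an added example (not part of the original post), here is the same procedure scripted: one text-mode iftop sample of UDP traffic, the remote hosts ranked by received rate, and the heaviest ones handed to the iptables block described above. It assumes an iftop build with text mode (-t and -s, iftop 1.0pre or later; the 0.17 release used here has neither), and the iftop output it parses is a constructed sample in the format that mode prints.

```shell
# Added example, not from the original post. Assumes an iftop build with text
# mode (-t) and -s (iftop 1.0pre or later; the 0.17 release has neither).
# Steps: one 40 s UDP-only text sample, rank remote hosts by received rate,
# then hand the heaviest ones to the iptables block the post mentions.

# One text-mode sample on the given interface (default eth0): UDP only (-f),
# numeric hosts and ports (-n -N), rates in bytes rather than bits (-B).
capture_iftop() {
  iftop -t -s 40 -n -N -B -i "${1:-eth0}" -f udp
}

# Constructed sample of iftop -t output so the parser can be tried offline.
# Each connection is two lines: local host "=>" sent, remote host "<=" received.
sample_iftop_output() {
  cat <<'EOF'
   # Host name (port/service if enabled)   last 2s   last 10s   last 40s cumulative
----------------------------------------------------------------------------------
   1 10.0.0.5                          =>    1.23KB     1.10KB     1.05KB     42.0KB
     203.0.113.7                       <=    5.50MB     5.20MB     4.90MB      196MB
   2 10.0.0.5                          =>      500B       480B       450B     18.0KB
     198.51.100.9                      <=    1.20KB     1.10KB     1.00KB     40.0KB
   3 10.0.0.5                          =>      300B       300B       300B     12.0KB
     192.0.2.44                        <=    2.00MB     2.10MB     2.30MB     92.0MB
EOF
}

# Read iftop -t output on stdin; print "<bytes/s> <remote host>" for each
# "<=" line, ranked by the 40 s average (column 5), largest first.
rank_remote_hosts() {
  awk '
    function to_bytes(s,  n) {
      n = s + 0                    # numeric prefix: "5.50MB" -> 5.5
      if (s ~ /K/) n *= 1024
      else if (s ~ /M/) n *= 1048576
      else if (s ~ /G/) n *= 1073741824
      return n
    }
    $2 == "<=" { printf "%.0f %s\n", to_bytes($5), $1 }
  ' | sort -k1,1nr
}
# Keep only hosts whose rate exceeds the bytes/s threshold in argument 1.
hosts_above() {
  awk -v lim="$1" '$1 > lim { print $2 }'
}

# Temporary per-source UDP block: the iptables step from the post (needs root).
block_udp_from() {
  iptables -A INPUT -p udp -s "$1" -j DROP
}
```

Live use: `capture_iftop eth0 | rank_remote_hosts | hosts_above 1048576 | while read -r h; do block_udp_from "$h"; done` blocks every source that averaged more than 1 MB/s of UDP over the sample.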
5. Related parameters and instructions
1. The iftop interface
Across the top of the interface is a scale bar, used as a ruler for the traffic bar graphs.
The <= and => arrows in the middle indicate the direction of the traffic.
TX: sent traffic; RX: received traffic; TOTAL: total traffic; Cumm: the total traffic from when iftop was started until now; peak: peak traffic; rates: the average traffic over the past 2s, 10s and 40s.
2. Commonly used iftop parameters
-i sets the network interface to monitor, e.g.: # iftop -i eth1
-B displays traffic in bytes (bits by default), e.g.: # iftop -B
-n makes host information show directly as IP addresses by default, e.g.: # iftop -n
-N makes port information show directly as port numbers by default, e.g.: # iftop -N
-F shows incoming and outgoing traffic for a specific network segment, e.g.: # iftop -F 10.10.1.0/24 or # iftop -F 10.10.1.0/255.255.255.0
-h (display this message): help, prints the parameter information
-p with this parameter, the list in the middle shows local host information, and IP information from beyond this machine also appears;
-b controls the default display of the traffic bar graphs;
-f filters which packets are counted; I do not know how to use this one yet;
-P makes host information and port information show by default;
-m sets the maximum of the scale at the top of the interface; the scale is divided into five segments for display, e.g.: # iftop -m 100M
Some key commands once inside the iftop screen (note the case):
Press h to toggle the help display;
Press n to toggle between showing the IP or the host name of the local machine;
Press s to toggle whether local host information is displayed;
Press d to toggle whether host information for the remote target host is displayed;
Press t to cycle the display format between 2 lines / 1 line / send traffic only / receive traffic only;
Press N to toggle between showing the port number or the port service name;
Press S to toggle whether the local machine's port information is displayed;
Press D to toggle whether the remote target host's port information is displayed;
Press p to toggle whether port information is displayed at all;
Press P to pause or resume the display;
Press b to toggle whether the average traffic bar graph is displayed;
Press B to switch the bar graph between the 2 second, 10 second and 40 second average;
Press T to toggle whether the cumulative traffic of each connection is displayed;
Press l to open the screen filter: type the filter text, such as an IP, and press Enter, and the screen will show only traffic related to that IP;
Press L to toggle the scale at the top of the screen; with a different scale, the bar graphs change accordingly;
Press j or k to scroll the connection records down or up;
Press 1, 2 or 3 to sort by the corresponding one of the three traffic columns on the right;
Press < to sort by the local host name or IP on the left;
Press > to sort by the host name or IP of the remote target host;
Press o to toggle showing only the current connections;
Press f to edit the filter code; this is translated from the documentation, I have not used it!
Press ! to run a shell command; this is useless, I don't know what command would be of use here!
Press q to quit monitoring.
6. Frequently asked questions
1. make: yacc: Command not found
   make: *** [grammar.c] Error 127
Workaround: apt-get install byacc / yum install byacc
2. configure: error: curses! Foiled again! (Can't find a curses library supporting mvchgat.) Consider installing ncurses.
Workaround: apt-get install libncurses5-dev / yum install ncurses-devel