Website Security Alliance: Webmaster How to deal with DDoS attacks series of Tutorials (ii)

Intermediary transaction http://www.aliyun.com/zixun/aggregation/6858.html ">seo diagnose Taobao guest cloud host technology Hall

has done many years website, experienced the website to be attacked the situation, initially also did not feel the clue, later in the unceasing study groping, gradually learned some to determine the attack type the method.

Today, we share three methods to determine DDoS attacks, are my own summary of experience, what good ideas can communicate with me.

1, Judge and server data interaction speed. If you use the ping command.

Ping www.xxx.com–t

The meaning is to continuously send and accept the server return data to the website service, will normally get

2012-4-1 21:12 Upload

Download attachment (294.77 KB)

From the above return data, data interaction is normal, only 7ms or so, fast, connection stability.

However, if the site server is attacked, there will be a large return value, or even completely no response.

2012-4-1 21:12 Upload

Download attachment (64.87 KB)

2, view the server's network connectivity, such as the use of Netstat–an command

Normal Web servers, while online numbers are limited, such as using the netstat command below

2012-4-1 21:12 Upload

Download attachment (234.41 KB)

If the server appears more than normal number of connections, there will be a large number of syn_received, time_wait and other states.

3, through the Web server log check status. such as Apache log analysis.

The above is my personal experience summary, hope is useful to everybody.

Original article, Pure hand Dozen, reprint please specify the copyright belongs to: Eesafe website Security Alliance

Reprint please indicate the original address in the form of link: http://www.eesafe.com/bbs/thread-504-1-1.html