Note: Depending on the number of web logs or network connections, monitor the number of concurrent connections for an IP or PV to 100 in a short timethat is, call the firewall command to seal off the corresponding IP, monitoring frequency every 3 minutesthe firewall command is: iptables-a input-s 10.0.1.10-j DROPIdeas:1. Analyze logs, extract IP and PV numbers2.while statement, read the extracted IP and PV number, and implement a 3-minute loop3. Call the firewall commandUse while to read the log
Scapy is a powerful interactive packet processor written by Python that can be used to send, sniff, parse, and forge network packets, often used in network attacks and tests.
This is done directly with Python's scapy.
Here is the ARP attack way, you can make ARP attack.
Copy Code code as follows:
#!/usr/bin/python
"""
ARP attack
"""
Imp
Analysis of PHP programs to prevent ddos, dns, and cluster server attacks. To put it bluntly, copy the code as follows :? Php query prohibited IP $ ip $ _ SERVER [REMOTE_ADDR]; $ fileht. htaccess2; if (! File_exists ($ fileht) file_put_contents ($ fileht, not much nonsense, on the code
The code is as follows:
// Query the forbidden IP address$ Ip = $ _ SERVER ['remote _ ADDR '];$ Fileht = ". htaccess2 "
This article provides a detailed analysis of PHP programs to prevent ddos, dns, and cluster server attacks.
The code is as follows:
// Query the forbidden IP address$ Ip = $ _ SERVER ['remote _ ADDR '];$ Fileht = ". htaccess2 ";If (! File_exists ($ fileht ))File_put_contents ($ fileht ,"");$ Filehtarr = @ file ($ fileht );If (in_array ($ ip. "\ r \ n", $ filehtarr ))Die ("Warning :".""." Your IP address
This article will introduce several main DNS attack methods. I hope this technology will help you.
Use DNS servers for DDOS attacks
The normal recursive query process on the DNS server may be exploited as a DDOS
Reason
PHP script part of the source code:
Copy CodeThe code is as follows:
$fp = Fsockopen ("udp://$ip", $rand, $errno, $ERRSTR, 5);
if ($fp) {
Fwrite ($fp, $out);
Fclose ($FP);
PHP script in the Fsockopen function, to the external address, through the UDP send a large number of packets, attack each other.
Response
You can disable the Fsockopen function through php.ini, and use Windows 2003 Security Policy to mask the UDP port on this computer.
Reason
PHP script part of the source code:
Copy Code code as follows:
$fp = Fsockopen ("udp://$ip", $rand, $errno, $ERRSTR, 5);
if ($fp) {
Fwrite ($fp, $out);
Fclose ($FP);
PHP script in the Fsockopen function, to the external address, through UDP send a large number of packets to attack each other.
Response
You can disable the Fsockopen function by php.ini, and use Windows 2003 security policy to block the local UDP por
IP 92. XX. xx.148.20.50> XX. XX.53: 23600 + [1au] ANY? Isc.org. (36) 07:39:53. 291822 IP 158. XX. XX.238.13616> XX. XX.53: 56854 + [1au] ANY? Isc.org. (36) 07:39:53. 291850 IP 158. XX. XX.238.13616> XX. XX.53: 56854 + [1au] ANY? Isc.org. (36) 07:39:53. 291860 IP 158. XX. XX.238.13616> XX. XX.53: 56854 + [1au] ANY? Isc.org. (36) 07:39:53. 291869 IP 158. XX. XX.238.13616> XX. XX.53: 56854 + [1au] ANY? Isc.org. (36) 07:39:53. 291877 IP 92. XX. XX.148.56278> XX. XX.53: 23600 + [1au] ANY? Isc.org. (
In the previous article (man-in-the-middle attack ARP poisoning), we discussed dangerous hacker attacks and practical ARP poisoning principles. In this article, I will first discuss how to detect and prevent ARP poisoning (or ARP spoofing) attacks, and then I will review other man-in-the-middle attacks-DNS spoofing.ARP cache attacks are very dangerous. It is important to create security awareness and analyz
Domain Name Server authorized by baidu.com to the local DNS server. The local DNS server continues to initiate a query to baidu.com to obtain the IP address of www.baidu.com. After obtaining the IP address corresponding to www.baidu.com, the local DNS server transmits the IP address to the user in the form of a dns re
Now some small software, control the Update method is generally HTTP read file, determine whether the read text is equal to the version numberOr to determine the QQ nickname, network nickname and so on. above has its own shortcomings, here is recommended a DNS control software updates the backdoor, anti-DDoS. #include strcpy (Szip,inet_ntoa (* (LPIN_ADDR) * (PPADDR));//printf ("%s\n", Szip);}} WSACleanup ()
Like smurf
Currently, many DNS servers support EDNS. EDNS is an extended DNS mechanism, which is introduced in RFC 2671. Some options allow the DNS to reply to more than 512 bytes and still use UDP, if the requestor points that it can handle such a large DNS query. Attackers have used this method to produce a large am
Name Service provider 114DNS found a "monitoring data anomaly." Then, the security team successfully traced to launch this DNS hijacking attack "culprit", and the first time the attack to the Tp-link and other domestic mainstream router manufacturers.
114DNS and Tencent computer stewards say a new round of DNS phishi
hundreds of thousands of users are redirected to a trap site set up by hackers by embedding a server with a cache poisoning attack. The severity of this issue is related to the number of users who use domain name requests. In this case, hackers who do not have a variety of technologies can cause a lot of trouble, so that users can tell others their online banking account passwords and online game account passwords in a confused manner.
In this way, t
Recently in doing OpenWrt platform, DNS use is DNSMASQ, but through the board to the Internet, the PC's DNS is set to board the time, found that Baidu, etc., but the company mailbox can not open. The domain name of the company mailboxxx-xx-notes.xxx.com.cn form, so the DNSMASQ log opened to see the next. Finally found the problem.How to open DNSMASQ log1. Find/etc/dnsmasq.confIn the OpenWrt system, dnsmasq.
After a series of recent retaliatory attacks caused by the closure of the file sharing website Megaupload, Anonymous's Denial-of-Service "Cannon" has greatly reduced the number of shells fired later.
Although Anonymous members intend to break the INTERPOL website in February 28 (mainly through the online version of the "low-track Ionic Gun" Denial-of-Service tool ), moreover, some vulnerable websites (including most recently websites affiliated with Panda Security) have been destroyed, and the
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.