Differences

This shows you the differences between two versions of the page.

opennic:tier2security [2017-06-29T04:28:38Z]
fusl created
opennic:tier2security [2017-07-04T23:43:07Z] (current)
fusl
Line 43: Line 43:
   # tcpdump -c10 -pntxi eth0 not udp src port 53 and udp dst port 53   # tcpdump -c10 -pntxi eth0 not udp src port 53 and udp dst port 53
  
-The option ​'''​-c10'''​ specifies that you only want to dump out 10 packets at a time. The portion after the interface specifies that we only want to look at incoming packets on UDP port 53, and ignore outgoing packets.+The option ''​-c10''​ specifies that you only want to dump out 10 packets at a time. The portion after the interface specifies that we only want to look at incoming packets on UDP port 53, and ignore outgoing packets.
  
 If your server is being attacked, you will probably see several instances of the particular query within those 10 packets. For example, while being flooded with ANY queries for the root zone, I captured the following: If your server is being attacked, you will probably see several instances of the particular query within those 10 packets. For example, while being flooded with ANY queries for the root zone, I captured the following:
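Review bot: The sentence on the changed line still explains only -c10, while the tcpdump command in the context line above it is run with -pntxi, so a reader copying it has no description of the other flags. Consider adding a clause for each: -p (do not put the interface into promiscuous mode), -n (do not resolve addresses to names), -t (omit timestamps), -x (hex dump of each packet) and -i eth0 (the capture interface). The wording "dump out 10 packets at a time" can also be read as batching; -c10 makes tcpdump exit after 10 packets, so "stop after capturing 10 packets" would be more accurate. The markup change itself, from ''' to '', fits DokuWiki's monospace syntax and needs no further change.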
  • /wiki/data/pages/opennic/tier2security.txt
  • Last modified: 19 months ago
  • by fusl