A Distributed Denial-of-Service (DDoS) attack is an attack in which multiple compromised computer systems attack a target, such as a server, website or other network resource, and cause a denial of service for users of the targeted resource. The flood of incoming messages, connection requests or malformed packets to the target system forces it to slow down or even crash and shut down, thereby denying service to legitimate users or systems.
How DDoS Attacks Work
In a DDoS attack, the incoming traffic flooding the victim originates from many different sources – potentially hundreds of thousands or more. This effectively makes it impossible to stop the attack simply by blocking a single IP address; plus, it is very difficult to distinguish legitimate user traffic from attack traffic when spread across so many points of origin.
Types of DDoS Attacks
There are many types of DDoS attacks. Common attacks include the following:
Traffic attacks: Traffic flooding attacks send a huge volume of TCP, UDP and ICMP packets to the target. Legitimate requests get lost and these attacks may be accompanied by malware exploitation.
Bandwidth attacks: This DDoS attack overloads the target with massive amounts of junk data. This results in a loss of network bandwidth and equipment resources and can lead to a complete denial of service.
Application attacks: Application-layer data messages can deplete resources in the application layer, leaving the target’s system services unavailable.
For Linux Servers
1. Find which IP address on the server is targeted by the DDoS attack
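One way to carry out this step, shown as an added example that is not part of the original article: tally connections per local address from `netstat -ntu` output, so the address absorbing the flood stands out. The function names and the sample lines (RFC 5737 documentation addresses) are constructed for illustration.

```shell
#!/bin/sh
# Added example: which local IP is receiving the most connections?
# Reads `netstat -ntu` output on stdin, prints "<count> <local-ip>", busiest first.
count_by_local_ip() {
    awk '$1 ~ /^(tcp|udp)/ {
             addr = $4
             sub(/:[0-9]+$/, "", addr)    # drop the :port suffix
             n[addr]++
         }
         END { for (a in n) print n[a], a }' | sort -k1,1nr -k2,2
}

# The single busiest local address, i.e. the likely target of the flood.
most_targeted_ip() {
    count_by_local_ip | head -n 1 | awk '{ print $2 }'
}

# Constructed sample (documentation addresses), not a real capture.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:80           198.51.100.7:51234      SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.8:40112      SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.5:33870       SYN_RECV
tcp        0      0 192.0.2.10:443          203.0.113.9:50222       ESTABLISHED
tcp        0      0 192.0.2.11:22           198.51.100.20:60100     ESTABLISHED
udp        0      0 192.0.2.11:53           203.0.113.77:41000      ESTABLISHED
EOF
}

sample_netstat | count_by_local_ip
# On a live server: netstat -ntu | count_by_local_ip
```

A large share of SYN_RECV entries against one local address and port, as in the sample, points at that address as the one to protect or reroute first.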
Distributed Replicated Block Device (DRBD)
DRBD is a distributed replicated storage system for the Linux platform. It is implemented as a kernel driver, several user space management applications, and some shell scripts. DRBD is traditionally used in high availability (HA) computer clusters, but beginning with DRBD version 9, it can also be used to create larger software defined storage pools with a focus on cloud integration.
Comparison to RAID-1
=====================
DRBD bears a superficial similarity to RAID-1 in that it involves a copy of data on two storage devices, such that if one fails, the data on the other can be used. However, it operates in a very different way from RAID and even network RAID.
In RAID, the redundancy exists in a layer transparent to the storage-using application. While there are two storage devices, there is only one instance of the application and the application is not aware of multiple copies. When the application reads, the RAID layer chooses the storage device to read. When a storage device fails, the RAID layer chooses to read the other, without the application instance knowing of the failure.
In contrast, with DRBD there are two instances of the application, and each can read only from one of the two storage devices. Should one storage device fail, the application instance tied to that device can no longer read the data. Consequently, in that case that application instance shuts down and the other application instance, tied to the surviving copy of the data, takes over.
Conversely, in RAID, if the single application instance fails, the information on the two storage devices is effectively unusable, but in DRBD, the other application instance can take over.
How it Works
============
The tool is built to facilitate communication between two servers imperceptibly by minimizing the amount of system resources used. It therefore does not affect system performance and stability.
DRBD facilitates communication by mirroring two separate servers: one server, although passive, is usually a direct copy of the other. Any data written to the primary server is simultaneously copied to the secondary one through a real-time communication system. Any change made to the data is also immediately replicated by the passive server.
The passive server only becomes active when the primary one fails and collapses. When such a failure occurs, DRBD immediately recognizes the mishap and shifts to the secondary server. This shifting process, however, is optional: it can be either manual or automatic. Users who prefer manual shifting are required to authorize the system to shift to the passive server when the primary one fails. Automatic systems, on the other hand, swiftly recognize problems within the primary servers and immediately shift to the secondary ones.
DRBD installation
=================
Install the ELRepo repository on both systems:
----------------------------------------------
# rpm -Uvh http://www.elrepo.org/elrepo-release-6-6.el6.elrepo.noarch.rpm
Update both repos
-----------------
yum update -y
On the PRIMARY server run the drbdadm command
---------------------------------------------
# drbdadm -- --overwrite-data-of-peer primary all
Check that the initial disk synchronization is complete (100%) and confirm that you are on the primary server
-------------------------------------------------------------------------------------------------------------
# cat /proc/drbd
Create a filesystem on the DRBD device
--------------------------------------
# /sbin/mkfs.ext4 /dev/drbd0
mke2fs 1.41.12 (06-June-2017)
OS type: Linux
Block size=4096 (log=2)
Fragment size=4096 (log=2)
Stride=0 blocks, Stripe width=0 blocks
131072 inodes, 524007 blocks
26200 blocks (5.00%) reserved for the super user
First data block=0
Maximum filesystem blocks=536870912
16 block groups
32768 blocks per group, 32768 fragments per group
8192 inodes per group
Superblock backups stored on blocks:
32768, 98304, 163840, 229376, 294912
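The check-then-format sequence above can be enforced in a script. This added example (not from the original post) parses the DRBD 8.x `/proc/drbd` status line and allows `mkfs` only when the node is Primary, connected and fully synchronized; the function names and sample status text are constructed, and the 8.x line layout is an assumption about the installed version.

```shell
#!/bin/sh
# Added example: refuse to format /dev/drbdN unless /proc/drbd shows this node
# is Primary, connected to its peer, and fully synchronised (DRBD 8.x layout).

# Print "<cs> <ro> <ds>" for DRBD minor $1 from /proc/drbd text on stdin.
drbd_state() {
    awk -v want="$1:" '$1 == want {
        for (i = 2; i <= NF; i++) {
            if ($i ~ /^cs:/) cs = substr($i, 4)   # connection state
            if ($i ~ /^ro:/) ro = substr($i, 4)   # roles, local/peer
            if ($i ~ /^ds:/) ds = substr($i, 4)   # disk states, local/peer
        }
        print cs, ro, ds
    }'
}

# Exit 0 only when minor $1 is Connected, locally Primary, UpToDate on both sides.
drbd_ready_for_mkfs() {
    case $(drbd_state "$1") in
        "Connected Primary/"*" UpToDate/UpToDate") return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed /proc/drbd text for minor 0 with the given cs, ro and ds values.
sample_proc_drbd() {
    printf 'version: 8.4.x (constructed sample)\n'
    printf ' 0: cs:%s ro:%s ds:%s C r-----\n' "$1" "$2" "$3"
    printf '    ns:0 nr:0 dw:0 dr:0 al:0 bm:0 lo:0 pe:0 ua:0 ap:0 ep:1 wo:f oos:0\n'
}

# Walk three constructed states: still syncing, ready, and wrong node.
for state in "SyncSource Primary/Secondary UpToDate/Inconsistent" \
             "Connected Primary/Secondary UpToDate/UpToDate" \
             "Connected Secondary/Primary UpToDate/UpToDate"; do
    set -- $state
    if sample_proc_drbd "$1" "$2" "$3" | drbd_ready_for_mkfs 0; then
        echo "$state: ok to run mkfs"
    else
        echo "$state: do not format"
    fi
done
# On a real node: drbd_ready_for_mkfs 0 < /proc/drbd && /sbin/mkfs.ext4 /dev/drbd0
```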
RAID (Redundant Array of Independent Disks) is a data storage virtualization technology. It combines multiple inexpensive, small disk drives into an array of disks in order to provide redundancy, lower latency and maximize the chance to recover data from the hard drives if they crash, thereby improving performance. The RAID appears to the system as a single drive. RAID can be implemented in hardware, with RAID controllers, or in software controlled by the Linux kernel.
The most commonly used RAID levels are:
RAID 0 [Minimum of 2 disks]
RAID 1 [Minimum of 2 disks]
RAID 5 [Minimum of 3 disks]
RAID 10 [Minimum of 4 disks]
RAID 1 is also known as “disk mirroring.” With RAID 1, data is copied seamlessly and simultaneously from one drive to another, creating an exact copy or mirror. If one of the disks in the RAID array fails, the other can work without issues. It’s the simplest way to implement fault-tolerant storage, but it slightly reduces performance. This is useful when read performance or reliability is more important than the resulting data storage capacity.
The advantages of RAID 1 are that it offers excellent read speed and a write speed comparable to that of a single drive, and that if a drive fails, data does not have to be rebuilt; it just needs to be copied to a new replacement drive.
The main disadvantage of RAID 1 is that the effective storage capacity is only half of the total drive capacity because all data gets written twice, and software RAID 1 solutions do not always allow a hot swap of a failed drive.
Configuring RAID level 1 using mdadm.
Install mdadm on your server.
You can use the following commands to install mdadm.
For RHEL/CentOS/Fedora:
=======================
# yum install mdadm
And for Debian/Ubuntu:
=======================
# apt-get install mdadm
The next step is to create a RAID array. To do that, create the disk partitions (of the same size) that are going to be the array members, and mark them as RAID partitions. To create the partitions you can use the following commands.
# fdisk -l | grep /dev/sd
(This command lists the disks on the server; e.g. the disks on the server are sdb and sdc.)
Then choose one disk, e.g. sdb.
Then press ‘n’ to create a new partition in /dev/sdb. Then press ‘p’ to use it as a primary partition. Enter the partition number. You can use the full size by just pressing the ‘Enter’ key twice. Then press ‘t’ to choose the partition type. Then choose ‘fd’ for Linux raid auto and press the ‘Enter’ key to apply it. Press ‘p’ to verify that the partition is created as Linux raid autodetect. Press ‘w’ to save the changes.
Follow the same instructions to create a new partition on the /dev/sdc drive with the same partition size.
The next step is to create a RAID 1 array from sdb1 and sdc1 using the mdadm command:
/dev/md0 is the new RAID device that we want to create.
--level --> defines the RAID level; in our case, RAID 1.
--raid-devices --> specifies how many disks (devices) are going to be used in the creation of the new RAID device (here 2: /dev/sdb1 and /dev/sdc1).
You can verify the RAID status using the following commands.
# mdadm -E /dev/sd[b-c]1
# mdadm --detail /dev/md0
The next step is to format the partition, create a file system and mount the partition.
# mkfs.ext4 /dev/md0 --> to format the partition
To mount /dev/md0 on /raid1, perform the steps below.
# mkdir /raid1
# mount /dev/md0 /raid1
# df -H --> you can verify whether it is mounted or not.
To auto-mount RAID1 on system reboot, you need to make an entry in the ‘/etc/fstab’ file. To do that, add the following line to the fstab.
/dev/md0 /raid1 ext4 defaults 0 0
Then run ‘mount -a’ to check whether there are any errors in the fstab entry. Now update the /etc/mdadm/mdadm.conf or /etc/mdadm.conf file as follows:
ARRAY /dev/md0 devices=/dev/sdb1,/dev/sdc1 level=1 num-devices=2 auto=yes
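Once the array is in service, its status can be watched for a lost mirror member. This added example (not from the original post) reads `/proc/mdstat`, the kernel's md status file, and reports any array running with fewer active members than expected; the function names and sample text are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag md arrays that have lost a member.
# Reads /proc/mdstat text on stdin; prints "<array> <active>/<expected>"
# for every array whose "[expected/active]" counter shows a shortfall.
md_degraded() {
    awk '$2 == ":" { name = $1 }                    # "md0 : active raid1 ..."
         match($0, /\[[0-9]+\/[0-9]+\]/) {          # "[2/1]" is expected/active
             split(substr($0, RSTART + 1, RLENGTH - 2), c, "/")
             if (c[2] + 0 < c[1] + 0) print name, c[2] "/" c[1]
         }'
}

# Exit 0 when no array on stdin is degraded.
md_healthy() { [ -z "$(md_degraded)" ]; }

# Constructed samples for the /dev/md0 mirror of sdb1 and sdc1.
sample_mdstat_ok() {
    cat <<'EOF'
Personalities : [raid1]
md0 : active raid1 sdc1[1] sdb1[0]
      1046528 blocks super 1.2 [2/2] [UU]

unused devices: <none>
EOF
}

sample_mdstat_degraded() {
    cat <<'EOF'
Personalities : [raid1]
md0 : active raid1 sdc1[1](F) sdb1[0]
      1046528 blocks super 1.2 [2/1] [U_]

unused devices: <none>
EOF
}

sample_mdstat_degraded | md_degraded     # prints: md0 1/2
# On a real host, e.g. from cron: md_healthy < /proc/mdstat || echo "RAID degraded"
```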
Today, when I installed Windows Server 2012 R2 on a new HPE ProLiant DL 380 server, after the OS installation I added the IP manually to the Ethernet interface, but I got a Limited Access error. So I double-checked whether the IP was correct; I was right, the IP was correct. So I disabled the firewall, then I checked by typing ipconfig in the command prompt, and I got the result as follows:
From the above command result you can find the connected interface. Note down its Idx ID, which is 12 in my case (your ID may vary). Type the following command with your Idx ID in the command prompt, then press Enter:
netsh interface ipv4 set interface 12 dadtransmits=0 store=persistent
This will give you the following result:
C:\Users\Administrator>netsh interface ipv4 set interface 12 dadtransmits=0 store=persistent
Click on Start and click on Run (or simply press Windows key + R), type CMD, and type Services.msc. A box will appear. Search for DHCP Client, right-click on it and click on Properties, click on Startup Type and select Disable.
Now click on the Stop button below and click on OK.
Unplug your LAN cable and restart your system.
After the restart, don’t plug in your cable. Go to Services.msc again, find DHCP Client, right-click on it and click on Properties, click on Startup Type and now select Automatic.
Network interface bonding is a Linux kernel feature that allows multiple interfaces (eth0, eth1) to be aggregated into one virtual link such as bond0. Network card bonding is an effective way to increase the available bandwidth. Once bonded, the interfaces appear as the same physical device and have the same MAC address. Other names for network interface bonding are port trunking, NIC teaming, channel bonding and link aggregation. The main advantage of a bonded network interface is that it increases data throughput by load balancing and provides redundancy by allowing failover from one component device to another.
## How to create a network interface bond?
Create a file named ifcfg-bondN in the directory /etc/sysconfig/network-scripts. Here “N” is the number of interfaces. Then edit the contents of ifcfg-bondN and make it similar to the configuration settings for an Ethernet interface, except that DEVICE is set to bondN instead of ethN.
BONDING_OPTS="bonding parameters separated by spaces"
For each interface that you want to bond, edit its ifcfg-interface file so that it contains MASTER=bondN and SLAVE entries. An example is given below.
Create the file bonding.conf in the directory /etc/modprobe.d/ so that it contains an entry for each bonded interface, for example:
alias bond0 bonding
This ensures that the kernel loads the bonding module when the bonded interface is brought up. All bonded interfaces require an entry in this file.
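The three kinds of file described above, written out for a hypothetical bond0 built from eth0 and eth1. This is an added example, not from the original post; the address (192.0.2.10), the `mode=active-backup miimon=100` options and the function names are assumptions chosen for illustration, and the files go to a scratch directory rather than to /etc.

```shell
#!/bin/sh
# Added example: generate the bonding files for bond0 (eth0 + eth1) in directory $1.
# Real locations are noted beside each file; review before copying into /etc.
write_bond_files() {
    dir=$1
    # /etc/sysconfig/network-scripts/ifcfg-bond0: like an Ethernet ifcfg, DEVICE=bond0
    cat > "$dir/ifcfg-bond0" <<'EOF'
DEVICE=bond0
IPADDR=192.0.2.10
NETMASK=255.255.255.0
ONBOOT=yes
BOOTPROTO=none
USERCTL=no
BONDING_OPTS="mode=active-backup miimon=100"
EOF
    # /etc/sysconfig/network-scripts/ifcfg-ethX: each member names its master
    for nic in eth0 eth1; do
        cat > "$dir/ifcfg-$nic" <<EOF
DEVICE=$nic
ONBOOT=yes
BOOTPROTO=none
USERCTL=no
MASTER=bond0
SLAVE=yes
EOF
    done
    # /etc/modprobe.d/bonding.conf: one alias line per bonded interface
    echo "alias bond0 bonding" > "$dir/bonding.conf"
}

# List the interfaces in directory $1 that are enslaved to bond0.
bond_slaves() {
    grep -l '^MASTER=bond0$' "$1"/ifcfg-* | sed 's/.*ifcfg-//' | sort
}

scratch=$(mktemp -d) && write_bond_files "$scratch" && bond_slaves "$scratch"
rm -rf "$scratch"
```

With `mode=active-backup` only one member carries traffic at a time and `miimon=100` checks link state every 100 ms, so this particular choice gives failover rather than added bandwidth.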
I got this error after updating the system using the WSUS Offline utility. After a successful update the system restarts, and the login screen by default shows the username WOUTempAdmin. Not a big deal as I can log in with my admin account. But still a pain.
To fix this issue, follow these steps:
Press “Windows Key” and “R”
Type “regedit” and press OK
Run “regedit”; this will open Registry Editor
Note* Be careful when editing the registry. Don’t go into the registry editor and delete anything or change a setting unless you know exactly what you’re doing. If you do know what you’re doing and are careful to modify only the correct values, you shouldn’t have any problems. However, if you start deleting folders (known as “registry keys”) or modifying other values, you could seriously damage your Windows installation. When using the registry editor, always bear this warning in mind.
Navigate to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
Change DefaultUserName to your default user, e.g. Administrator. I have used fragadmin0608 instead of Administrator; this may vary.
Then within the registry you can find AutoAdminLogon
Confirm the deletion by pressing Yes
Press F3 and search for any entry containing “woutemplogin” and delete it, repeating until the search phrase can no longer be found, then restart your system
After the restart, if you can see your login screen with your default username, then your issue is fixed