(No Ratings Yet)
Loading ...Is there anyway to see who is pinging me in the Linux console?
I run a server with a few websites on it, a Counter-Strike: Source server and a Ventrilo server. I use SSH to connect to the server and do what I need, the server runs the CentOS Linux Operating System. Today an unhappy gamer who got banned used a BotNet to DDoS my server, bringing down the game server all my websites and the Ventrilo server.
Is there anyway for me to see who is pinging me and/or a log of who is pinging/has pinged me via SSH?
Posted in CentOS | 
Tags: botnet, CentOS, centos linux, counter, counter strike source, game server, gamer, linux, operating, operating-system, server, source, source server, ssh, strike, system, ventrilo, ventrilo server
2 Responses to “Is there anyway to see who is pinging me in the Linux console?”
Yes, it’s possible if you configure the firewall to log ICMP requests and then look at the log in real time with “tail” or “dmesg” (of grepping the file for non-realtime). However, logging ICMP packets creates a lot of overhead and absorbs a lot of CPU resources. When under attack, log files fill up at an unbelievably rapid pace.
It’s better to use s device like http://www.Toplayer.com to prevent intrusion attempts and flooding. While Toplayer boxes are good for protecting servers or a whole data center, they cannot prevent upstream network segments from filling up and being over-loaded with packets during a flooding attack. In other words, it doesn’t matter whether the DDoS attack happens on your server or at the router of your ISP — in some cases, such an attack may not even reach you servers and still make them unavailable to legitimate users (including admins over SSH)..
Report this comment
Need a firewall with logging setup. For a variety of reasons..
1) So that you can keep track of this s#it.
2) So you don;t have to.
You MIGHT find something in /var/log .. maybe in daemons.log .. but not likely. If they hit the Apache server you may have them… But they didn’t…
Report this comment