In their rush to get online, many of those people neglect even the
most basic security. Because the vast majority of these people run Microsoft operating systems, they
tend to get hit with worms and viruses rather quickly. After the machine has been infiltrated, quite
often the worm or virus installs a program on the victim's machine that instructs it to quietly call
home and announce that it is now ready to do the master's bidding.
At the whim of the master, the infected machines can now be used to focus a concentrated stream
of garbage data at a selected host. In concert with thousands of other infected machines, a script
kiddie now has the power to take down nearly any site on the Internet.
Detecting a DDOS is similar to detecting a DOS attack. One or more of the following signs are
likely to be present:
Sustained saturated data link
No reduction in link saturation during off-peak hours
Hundreds or even thousands of simultaneous network connections
Extremely slow system performance
229
Securing Linux 6
To determine if your data link is saturated, the act of pinging an outside host can tell much of the
story. Much higher than usual latency is a dead giveaway. Normal ping latency (that is, the time it
takes for a ping response to come back from a remote host) looks like the following:
# ping www.
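As an added example (not from the book), the following POSIX shell check turns the "much higher than usual latency" sign into a repeatable test: it averages the per-packet times from a completed ping run and compares them against a known-good baseline. The host 203.0.113.10, the 18 ms baseline and both sets of replies are constructed.

```shell
# Average the per-packet "time=" values from ping output read on stdin.
# Prints the mean in ms; exits 1 when no reply lines were seen (total loss).
avg_rtt() {
    awk -F'time=' '/time=/ { split($2, t, " "); sum += t[1]; n++ }
                   END { if (n == 0) exit 1; printf "%.1f\n", sum / n }'
}

# check_latency BASELINE_MS FACTOR: reads ping output on stdin and flags the
# link as suspect when the average RTT exceeds BASELINE_MS * FACTOR.
# Returns 0 when latency looks normal, 1 when it is suspect or no replies came back.
check_latency() {
    baseline="$1"; factor="$2"
    avg=$(avg_rtt) || { echo "SUSPECT: no replies at all (link saturated or host down)"; return 1; }
    awk -v a="$avg" -v b="$baseline" -v f="$factor" 'BEGIN {
        if (a > b * f) { printf "SUSPECT: avg %.1f ms vs baseline %.1f ms\n", a, b; exit 1 }
        printf "ok: avg %.1f ms vs baseline %.1f ms\n", a, b }'
}

# Constructed sample output from a healthy link (assumed baseline ~18 ms).
NORMAL_PING='64 bytes from 203.0.113.10: icmp_seq=1 ttl=54 time=18.2 ms
64 bytes from 203.0.113.10: icmp_seq=2 ttl=54 time=17.9 ms
64 bytes from 203.0.113.10: icmp_seq=3 ttl=54 time=19.1 ms'

# Constructed sample from a saturated link: a lost packet and RTTs far above baseline.
SLOW_PING='64 bytes from 203.0.113.10: icmp_seq=1 ttl=54 time=412.0 ms
64 bytes from 203.0.113.10: icmp_seq=3 ttl=54 time=980.4 ms'

# Demonstration: in practice you would pipe `ping -c 10 <outside-host>` in here
# and record the baseline during a known-quiet period.
printf '%s\n' "$NORMAL_PING" | check_latency 18 5 || :
printf '%s\n' "$SLOW_PING"   | check_latency 18 5 || :
```

A single elevated reading is not proof of an attack; the book's other signs (saturation that persists off-peak, hundreds of simultaneous connections) should be checked alongside it.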