DDoS and interface down?

[BernardoCR]

Every time my server gets a large DDoS attack, my network connection seems to hang, and only gets back if I login to the server through KVM and make an [cmd=]ifconfig ix0 down[/cmd] and [cmd=]ifconfig ix0 up[/cmd]

I don't know what is making the network interface freeze, or if it's another problem, but I wonder if someone has already experienced this and has a clue how to solve this.

Thank you.

 

[jailed]

Hello,

I don't know the reason of this problem but I can suggest you a solution to make your job easier.

You can write a shell script to ping an outside host (for example google.com) and check that Internet is up or down, and then if it's down, restart the interface with ifconfig. Then add this script to cronjobs to run every minute. If you don't know how to write a script like that, I can do it for you. It takes 1-2 minutes. This will save you for connecting via KVM and restarting the interface manually when you aware of the DDoS.

 

[BernardoCR]

That's a really good idea.

It would be great if you could help writing the script.

Thank you jailed!

 

[BernardoCR]

Actually, I found one on the net. Would that work?

#!/bin/bash
# Simple SHELL script for Linux and UNIX system monitoring with
# ping command
# -------------------------------------------------------------------------
# Copyright (c) 2006 nixCraft project <http://www.cyberciti.biz/fb/>
# This script is licensed under GNU GPL version 2.0 or above
# -------------------------------------------------------------------------
# This script is part of nixCraft shell script collection (NSSC)
# Visit http://bash.cyberciti.biz/ for more information.
# -------------------------------------------------------------------------
# Setup email ID below
# See URL for more info:
# http://www.cyberciti.biz/tips/simpl...monitoring-with-ping-command-and-scripts.html
# -------------------------------------------------------------------------

# add ip / hostname separated by white space
HOSTS="cyberciti.biz theos.in router"

# no ping request
COUNT=1

# email report when
SUBJECT="Ping failed"
EMAILID="me@mydomain.com"
for myHost in $HOSTS
do
count=$(ping -c $COUNT $myHost | grep 'received' | awk -F',' '{ print $2 }' | awk '{ print $1 }')
if [ $count -eq 0 ]; then
# 100% failed
echo "Host : $myHost is down (ping failed) at $(date)" | mail -s "$SUBJECT" $EMAILID | ifconfig ix0 down | ifconfig ix0 up
fi
done

 

[BernardoCR]

I've tested, it works.

Thanks!