News
Seven days of Black Friday madness — great deal from Serverspace!
Serverspace Black Friday
RF
June 16, 2023
Updated July 26, 2023

How to setup an anti-DDoS system on Debian: Part 2

Networks Security

Previous episode

In the previous episode of the series instruction, we consider the first steps for making a security—based system that can oppose DDoS attacks and prepare our system for this state. In brief, we install sniffing and monitoring software to our proxy server that collected for us data and put it in a special folder in the format file “.pcap”. Now we use this traffic for analysis and filtering mode that can help forensics specialists and pentester in their job. Let’s get started!



Software

In wireshark, we have filtering options which can be very useful for creating a normal traffic profile. Port, protocol, IP address and expression filter isolate the traffic and can create a list of needed information. We can import this data to Excel or anything comfortable software for working with traffic.

Analysis

Consider the main window of the monitoring program:

Main windows
Screenshot №1 — Main window

If you miss the previous episode you need to collect a certain amount of traffic in our program this is also possible. Click on a button resembling a shark's crest:

Start button
Screenshot №2 — Start button

After gathering data you need to stop monitoring and click on a stop button as in the photo below:

Stop button
Screenshot №3 — Stop button

Or if you have a pcap file then open it from the menu of that program in the line above:

Menu
Screenshot №3 — Menu

A window about saving will pop up — save or not at your choice:

Pop up message
Screenshot №5 — Pop—up message

All instruments for analyzing and gathering statistics about your traffic in a network are located also in the line above, with the names “Analyze” and “Statistics”. These represent the number of diverse methods and tools in order to highlight a sense of information:

Analyze
Screenshot №6 — Analyze menu

 

Statistics menu
Screenshot №7 — Statistics menu

At first, we collect a list of the IP address's source and destination traffic, which will be marked as legitimized. Choose the tab Statistics, find the IPv4 point and click on the first line:

IP research
Screenshot №8 — IP research

All addresses will display on the list with various parameters: frequency address in the general set, rate and percentage of total traffic. By clicking on the menu on the tab below we can see Destinations and Ports:

IP statistics
Screenshot №9 — IP statistics

 

Port statistics
Screenshot №10 — Port statistics

Save that information by clicking on the button Save as. Further, we consider all extracted information and make a list of important data. IP protocols we can see below:

statisticts
Screenshot №11 — Protocol statistics

In this sniffing program, we can exploit a chart for primitive visualization of frequency packets. Click on Statistics in the tab above then choose I/O Graphs and see the result:

graph-i.o
Screenshot №12 — I/O Graph menu

 

chart
Screenshot №13 — Chart

Conclusion

After we have taken measurements of all the dots and digital prints, we can summarize extraction data and make a conclusion about the profile of our traffic, but you can notice that the profile hasn’t been visualized part in the next episode of the series instruction we consider “How to use traffic profile for protection against DDoS?” and “How to visualise the path of traffic profile?” for make more thoroughly and deepest portrait of the legitimised user. All of that and more we can see in the next episode. Don't tune the channel!

Vote:
5 out of 5
Аverage rating : 5
Rated by: 1
1101 CT Amsterdam The Netherlands, Herikerbergweg 292
+31 20 262-58-98
700 300
ITGLOBAL.COM NL
700 300

You might also like...

We use cookies to make your experience on the Serverspace better. By continuing to browse our website, you agree to our
Use of Cookies and Privacy Policy.