Archive for the ‘Linux’ Category

Ubuntu 8.04 - Hardy Heron

The recently launched Ubuntu LTS, aka Hardy Heron, brings the best of open source with lots of improvements, including productivity tools, the latest Firefox (beta 5), PSP plugin and more… Click here to check on all the features.

I downloaded and installed it on my computer just today, and I was impressed by how clean the interface is; it works completely out of the box on my Dell Inspiron 6400 laptop. My only dismay is with Firefox 3, because it does not allow me to install my previous add-ons like Live-IP Address, Show IP Address and Foxmarks, but overall it was a great experience installing the Heron on my laptop.

Like this blog? Why not buy me a cup of coffee?

Share the Linux tools that you use most often. Here are mine.

du -sh * -> estimate file space usage, displaying totals in human-readable format.
ls -al -> list all files in long format.
df -h -> show how much disk space is free, in human-readable format.
top -> see currently running processes and other information like memory and CPU usage, with real-time updates.
mv -> move files and directories.
w -> see who is currently logged in.
find -> find files.

Hardware:

cat /proc/cpuinfo | grep "model name" -> to check CPU info

lspci -> to check PCI devices

lsmod -> to check loaded kernel modules (the drivers for installed hardware)


A quick and useful command for checking if a server is under DDOS:

netstat -anp | grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

or

netstat -anp | grep :80 | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

This lists the IPs holding the most connections. Keep in mind that DDoS attacks are becoming more sophisticated: they use fewer connections per IP, spread across more attacking IPs. If this is the case, you will still see a low number of connections per IP even while you are under a DDoS.

Another very important thing to look at is how many active connections your server is currently processing.

netstat -n | grep :80 |wc -l

netstat -n | grep :80 | grep SYN |wc -l

The first command shows the number of active connections that are open to your web server. That number may vary, but if you are much above 500 you are probably having problems. If the second command is over 100, you are having trouble with a SYN attack.
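The checks above as reusable shell functions, in an added example that is not part of the original post: it counts only rows whose local port is the one asked for, keeps IPv6 remote addresses whole (which `cut -d: -f1` does not), and applies the 500/100 rule of thumb. The function names and the sample netstat lines are constructed for illustration.

```bash
#!/bin/bash
# Added example: per-IP connection summary from `netstat -n` style text on stdin.
# Sample data is constructed (documentation address ranges), not a real capture.

sample_netstat() {
cat <<'EOF'
tcp        0      0 192.0.2.10:80           198.51.100.7:51000      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:51001      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:51002      SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.5:40000       SYN_RECV
tcp        0      0 192.0.2.10:8080         203.0.113.9:40001       ESTABLISHED
tcp        0      0 192.0.2.10:45000        203.0.113.80:80         ESTABLISHED
tcp6       0      0 2001:db8::10:80         2001:db8::beef:52000    ESTABLISHED
tcp6       0      0 ::ffff:192.0.2.10:80    ::ffff:203.0.113.5:40002 TIME_WAIT
EOF
}

# Keep only TCP rows whose LOCAL address ($4) ends in :PORT, so :8080 and
# outbound connections to a remote port 80 are not counted.
port_rows() {
  awk -v p="$1" '$1 ~ /^tcp/ && $4 ~ (":" p "$")'
}

# Print "count ip" per remote address, busiest last (like sort -n in the post).
# The port is stripped from the END of $5, so IPv6 addresses stay whole, and
# IPv4-mapped ::ffff:a.b.c.d is folded into a.b.c.d.
top_talkers() {
  port_rows "$1" | awk '{ ip=$5; sub(/:[0-9]+$/, "", ip); sub(/^::ffff:/, "", ip);
                          n[ip]++ } END { for (i in n) print n[i], i }' | sort -n
}

conn_count() { port_rows "$1" | wc -l | tr -d ' '; }
syn_count()  { port_rows "$1" | awk '$6 ~ /^SYN/' | wc -l | tr -d ' '; }

# Apply the rule-of-thumb limits from the post (500 connections, 100 SYNs);
# both are arguments so they can be tuned per server.
assess() {  # usage: assess CONNS SYNS [MAX_CONNS] [MAX_SYNS]
  if [ "$2" -gt "${4:-100}" ]; then echo "syn-flood-suspected"
  elif [ "$1" -gt "${3:-500}" ]; then echo "high-connection-count"
  else echo "ok"; fi
}

sample_netstat | top_talkers 80
echo "verdict: $(assess "$(sample_netstat | conn_count 80)" "$(sample_netstat | syn_count 80)")"
```

On a live server, replace `sample_netstat` with `netstat -n` as the input to each function.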

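Block the IPs by adding the offending IP to your firewall, or by using the iptables command, then save the rules and restart iptables. Use -I (insert) rather than -A (append) when giving a rule position, and pick either DROP or REJECT as the target. Save before restarting, because the restart reloads the saved rules.

iptables -I INPUT 1 -s IPADDRESS -j DROP

service iptables save

service iptables restart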

Then restart your web server.

/etc/init.d/httpd restart

Here’s a small bash script so that you can send the list to your email. Create a file ddos-check and add the following:

#!/bin/bash
# Mail the per-IP count of connections involving port 80.
dt=$(date '+%m-%d-%y')
host=$(hostname)
netstat -anp | grep :80 | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n | mail -s "Netstat $host $dt" your_email@address.com


The pathping command is a route tracing tool that combines features of the ping and tracert commands with additional information that neither of those tools provides. The pathping command sends packets to each router on the way to a final destination over a period of time, and then computes results based on the packets returned from each hop. Since the command shows the degree of packet loss at any given router or link, it is easy to determine which routers or links might be causing network problems. A number of options are available, as shown in the following table.
