If your server is currently under a DDoS attack, please run the following command:
tcpdump -nn -vvv -c 10000 -w ddos-`date +%F_%T`.pcap
Then send us the resulting capture file (named ddos-<date>_<time>.pcap), which should be in the root folder. This makes it faster for us to analyze the attack and block it.
Note: if you see the error
-bash: tcpdump: command not found
install tcpdump using yum or apt, for example: yum install tcpdump or apt install tcpdump
You also need to edit sysctl.conf and set the following values:
net.ipv4.ip_local_port_range=32768 61000
net.ipv4.tcp_dsack=0
net.ipv4.tcp_ecn=0
net.ipv4.tcp_fack=0
net.ipv4.tcp_fin_timeout=1
net.ipv4.tcp_keepalive_intvl=10
net.ipv4.tcp_keepalive_probes=3
net.ipv4.tcp_keepalive_time=30
net.ipv4.tcp_low_latency=1
net.ipv4.tcp_max_orphans=524288
net.ipv4.tcp_max_syn_backlog=1024
net.ipv4.tcp_no_metrics_save=1
net.ipv4.tcp_retries2=10
net.ipv4.tcp_sack=1
net.ipv4.tcp_slow_start_after_idle=0
net.ipv4.tcp_synack_retries=3
net.ipv4.tcp_syncookies=2
net.ipv4.tcp_timestamps=1
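# tcp_tw_recycle breaks connections from clients behind NAT and was removed in Linux 4.12; on newer kernels this key does not exist.
net.ipv4.tcp_tw_recycle=1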
net.ipv4.tcp_tw_reuse=1
net.ipv4.tcp_window_scaling=1
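
Before applying the list above, it helps to see which keys the running kernel actually exposes and which values would change. The script below is an added example, not part of the original article: the function names audit_sysctl and make_sample are hypothetical, and the sample conf and kernel tree are constructed so it runs offline.

```shell
#!/bin/sh
# Added example (not from the original page): dry-run audit of a sysctl.conf.

# audit_sysctl CONF [ROOT]: print OK / DIFF / MISSING for every key in CONF.
# ROOT defaults to /proc/sys; pointing it elsewhere allows offline testing.
audit_sysctl() {
    conf=$1
    root=${2:-/proc/sys}
    # Drop comment and blank lines, then split each line at the first "=".
    sed -e '/^[[:space:]]*[#;]/d' -e '/^[[:space:]]*$/d' "$conf" |
    while IFS='=' read -r key want; do
        key=$(printf '%s' "$key" | tr -d '[:space:]')
        # Normalise whitespace: the kernel prints multi-value keys tab-separated.
        want=$(printf '%s\n' "$want" | tr -s '[:space:]' ' ' | sed 's/^ //; s/ $//')
        path=$root/$(printf '%s' "$key" | tr . /)
        if [ ! -r "$path" ]; then
            echo "MISSING $key"      # key not exposed by this kernel
            continue
        fi
        have=$(tr -s '[:space:]' ' ' < "$path" | sed 's/^ //; s/ $//')
        if [ "$have" = "$want" ]; then
            echo "OK $key=$have"
        else
            echo "DIFF $key current=$have wanted=$want"
        fi
    done
}

# make_sample DIR: constructed input, a three-line conf taken from the list
# above and a fake kernel tree in which tcp_tw_recycle does not exist.
make_sample() {
    mkdir -p "$1/sys/net/ipv4"
    printf '32768\t60999\n' > "$1/sys/net/ipv4/ip_local_port_range"
    printf '2\n' > "$1/sys/net/ipv4/tcp_syncookies"
    cat > "$1/sysctl.conf" <<'EOF'
# constructed sample
net.ipv4.ip_local_port_range=32768 61000
net.ipv4.tcp_syncookies=2
net.ipv4.tcp_tw_recycle=1
EOF
}

tmp=$(mktemp -d)
make_sample "$tmp"
audit_sysctl "$tmp/sysctl.conf" "$tmp/sys"
```

On a real server, call audit_sysctl with the path to your edited sysctl.conf and no second argument to compare against /proc/sys.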
Sunday, July 14, 2019