-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathsuivi-attaque.txt
65 lines (51 loc) · 3.35 KB
/
suivi-attaque.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
Les attaques avant la mise en place des nouvelles régles IPTABLE.
Les attaques en en LAYER 4 qui passe sur le port 80 paquets envoyé : 50 000
Par contre UFW est complétement affolé
AMP => CLDAP incoming en constant 400MBit/s
=> NTP incoming en constant 200MBit/s
=> WSD incoming en constant 565MBit/s à était atténué par le serveur à 225MBit/s
=> ARD incoming en constant 330MBit/s
Rien dans l'Outgoing 0MBit/s
Probléme rencontré :
Jun 17 12:10:03 sudo[4715]: root : TTY=unknown ; PWD=/home/admin ; USER=root ; COMMAND=/usr/local/vesta/bin/v-list-sys-config json
Jun 17 12:10:03 sudo[4715]: pam_unix(sudo:session): session opened for user root by (uid=0)
Jun 17 12:10:03 sudo[4715]: pam_unix(sudo:session): session closed for user root
Jun 17 12:10:05 systemd[1]: Stopping nginx - high performance web server...
Jun 17 12:10:05 systemd[1]: Stopped nginx - high performance web server.
Jun 17 12:10:05 systemd[1]: Starting nginx - high performance web server...
Jun 17 12:10:05 systemd[1]: Started nginx - high performance web server.
Jun 17 12:10:05 systemd[1]: Reloading The Apache HTTP Server.
Jun 17 12:10:05 sudo[4326]: pam_unix(sudo:session): session closed for user root
Jun 17 12:10:05 CRON[4318]: pam_unix(cron:session): session closed for user admin
Jun 17 12:10:05 apachectl[4909]: AH00112: Warning: DocumentRoot [public_html/public] does not exist
Jun 17 12:10:05 apachectl[4909]: AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using ebula.fr. Set the 'ServerName' directive globally to suppress this message
Jun 17 12:10:05 systemd[1]: Reloaded The Apache HTTP Server.
Jun 17 12:10:06 systemd[1]: Stopping nginx - high performance web server...
Jun 17 12:10:06 systemd[1]: Stopped nginx - high performance web server.
Jun 17 12:10:06 systemd[1]: Starting nginx - high performance web server...
Jun 17 12:10:06 systemd[1]: Started nginx - high performance web server.
Jun 17 12:10:06 systemd[1]: Reloading The Apache HTTP Server.
Jun 17 12:10:06 apachectl[5013]: AH00112: Warning: DocumentRoot [public_html/public] does not exist
Jun 17 12:10:06 apachectl[5013]: AH00112: Warning: DocumentRoot [public_html/public] does not exist
Jun 17 12:10:06 apachectl[5013]: AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using ebula.fr. Set the 'ServerName' directive globally to suppress this message
Jun 17 12:10:06 ebula.fr systemd[1]: Reloaded The Apache HTTP Server.
Les attaques en L7 sur le domaine
=> Incoming en constant 3-6 MBit/s
=> Outgoing en constant 13 MBit/s
TARGET http://ebula.fr
TIME 300
METHOD RATELIMIT
POST DATA username=test&password=test (ONLY FOR POST METHOD!)
REFERER https://example.com (OPTIONAL)
COOKIE PHPSESSID=0123456789 (OPTIONAL)
User Agent (OPTIONAL) Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.163 Safari/537.36
ORIGIN Default Wordwild
Mode JS-DOM
-------------------------------
Après la mise à jour des iptables
Attaque udpmix sur le port 80 envoi de 1gbps
=> Le server reçoit Un current 165MBit/s pour le moment avec un AVG de 110MBit/s en continue.
Attaque DNS envoi de 1gbps
=> Le server reçoit un current fragmententé en pique de 300Kbit/s et rarement des pique de 300Mbit/s
Attaque LDAP envoi de 1gbps
=> e server reçoit un current de 300Mbit/s en continue.