Help needed with possible DDoS
So I'm noticing some odd slowness on my network, despite the fact that there has been some work being done in the area for another ISP. Running the netstat command came up with a lot of incoming addresses on my network. I am not very experienced so I am not sure if I am being attacked or not, or at this point how to mitigate this.
Any help would be much appreciated
Comments
In Progress: Linux+/LPIC-1, Python, Bash
Upcoming: eJPT, C|EH, CSA+, CCNA-Sec, PA-ACE
Seems to be resolved now, do you have any advice on how to mitigate attacks in the future? I renewed and released the DHCP and tried changing my IP on windows. I'm not really sure how to comprehend that traffic either, I just know there were a few bouts of slow internet.
@OP - it would be helpful if you posted info so it's easier to read but from what I could glean without getting a neck cramp - looks like outbound connections from your computer. And if your router/firewall is configured correctly, it's unlikely to be inbound connections.
It looks like a browser hijack to me but I also recall finding another reason for this - just can't remember what...
If you post better details from the netstat - ideally not a screenshot - it would be interesting to try to diagnose.
Anyways, securing your IPtables should be your first line of defense:
# Default policies: drop unsolicited inbound and forwarded traffic, allow outbound
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
# Allow replies to connections this host opened itself
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# Allow ICMP (ping, path-MTU errors) and all loopback traffic
iptables -A INPUT -p icmp -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
# Accept remaining new inbound connections, to any port, but only at 25 per minute
# after an initial burst of 100; every listening service is still reachable, just rate-limited
iptables -A INPUT -m limit --limit 25/minute --limit-burst 100 -j ACCEPT
# Everything else is refused with an ICMP error, so the DROP policy is only a fallback
iptables -A INPUT -j REJECT --reject-with icmp-host-prohibited
iptables -A FORWARD -j REJECT --reject-with icmp-host-prohibited
The bolded lines are going to provide you the most security at the OS layer from outside attackers, specifically bots that crawl the internet looking for systems to exploit and also limit the amount of input from any established or new connections.
Edit (check this out): https://linuxaria.com/howto/how-to-verify-ddos-attack-with-netstat-command-on-linux-terminal
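As an added example (not from this thread or from the linked article), here is a small Python script that does the same thing as the "verify DDoS with netstat" check above, i.e. counting connections per remote host, and also makes the inbound-versus-outbound distinction raised earlier in this comment: a connection is inbound when its local port is one the machine listens on, outbound when the local port is ephemeral. It goes a bit beyond the linked one-liner by reading both the Linux `netstat -ant` and the Windows `netstat -ano` column layouts (the OP is on Windows) and by counting half-open (SYN_RECV) connections per peer, which is the SYN-flood symptom. The two netstat captures embedded in it are constructed samples, the column layouts are the standard ones for those two tools, and the thresholds in `flag_suspects` are illustrative, not a rule.

```python
"""Summarise netstat output: which remote hosts hold connections, in which
direction, and whether any single host has unusually many or half-open ones.
Added example; parses Linux `netstat -ant` and Windows `netstat -ano` layouts.
The two sample captures below are constructed, not real traffic."""
from collections import Counter

# Constructed Linux-style sample; addresses are from documentation ranges.
SAMPLE_LINUX = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:443          198.51.100.7:51234      ESTABLISHED
tcp        0      0 192.0.2.10:443          198.51.100.7:51235      SYN_RECV
tcp        0      0 192.0.2.10:443          198.51.100.7:51236      SYN_RECV
tcp        0      0 192.0.2.10:443          198.51.100.7:51237      SYN_RECV
tcp        0      0 192.0.2.10:22           203.0.113.5:40001       ESTABLISHED
tcp        0      0 192.0.2.10:48122        93.184.216.34:443       ESTABLISHED
tcp        0      0 192.0.2.10:48123        93.184.216.34:443       ESTABLISHED
tcp        0      0 192.0.2.10:48124        151.101.1.69:443        TIME_WAIT
"""
# Constructed Windows-style sample: no queue columns, PID in the last column.
SAMPLE_WINDOWS = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       900
  TCP    192.0.2.20:49700       93.184.216.34:443      ESTABLISHED     4120
  TCP    192.0.2.20:49701       93.184.216.34:443      ESTABLISHED     4120
  TCP    192.0.2.20:135         198.51.100.9:61000     SYN_RECEIVED    900
  UDP    0.0.0.0:5353           *:*                                    1180
"""
PROTOS = ('tcp', 'tcp6', 'udp', 'udp6')
STATE_ALIASES = {'LISTENING': 'LISTEN', 'SYN_RECEIVED': 'SYN_RECV'}  # Windows -> Linux names

def split_addr(addr):
    """'host:port' -> (host, port). rpartition keeps IPv6 colons in the host;
    a wildcard port ('*') becomes None."""
    host, _, port = addr.rpartition(':')
    return host, (int(port) if port.isdigit() else None)

def parse_netstat(text):
    """One dict per socket line; banner and header lines are skipped."""
    conns = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 3 or f[0].lower() not in PROTOS:
            continue
        if f[0].isupper():                 # Windows: Proto Local Foreign [State] [PID]
            local, remote = f[1], f[2]
            state = f[3] if len(f) > 3 and not f[3].isdigit() else ''
        else:                              # Linux: Proto Recv-Q Send-Q Local Foreign [State]
            if len(f) < 5:
                continue
            local, remote = f[3], f[4]
            state = f[5] if len(f) > 5 else ''
        lhost, lport = split_addr(local)
        rhost, rport = split_addr(remote)
        conns.append({'proto': f[0].lower(), 'lport': lport, 'rhost': rhost,
                      'rport': rport, 'state': STATE_ALIASES.get(state, state)})
    return conns

def is_listener(c):
    # No real peer: Linux shows '*', Windows shows port 0 for listening sockets
    return c['state'] == 'LISTEN' or c['rport'] in (None, 0)

def direction(c, listen_ports):
    """'listen' for sockets without a peer; 'inbound' when the peer connected to
    a port we listen on; otherwise 'outbound' (we used an ephemeral local port)."""
    if is_listener(c):
        return 'listen'
    return 'inbound' if c['lport'] in listen_ports else 'outbound'

def summarize(conns):
    listen_ports = {c['lport'] for c in conns if is_listener(c)}
    peers = [c for c in conns if not is_listener(c)]
    return {
        'directions': dict(Counter(direction(c, listen_ports) for c in conns)),
        'per_remote': Counter(c['rhost'] for c in peers),   # the netstat|awk|uniq -c count
        'half_open': Counter(c['rhost'] for c in peers if c['state'] == 'SYN_RECV'),
    }

def flag_suspects(summary, max_conns=50, max_half_open=20):
    """Remote hosts over either threshold. Thresholds are illustrative; many
    connections to a CDN or from your own browser are normal."""
    hot = {h for h, n in summary['per_remote'].items() if n > max_conns}
    hot |= {h for h, n in summary['half_open'].items() if n > max_half_open}
    return sorted(hot)

if __name__ == '__main__':
    for name, text in (('linux', SAMPLE_LINUX), ('windows', SAMPLE_WINDOWS)):
        s = summarize(parse_netstat(text))
        print(name, s['directions'])
        for host, n in s['per_remote'].most_common(5):
            print(f"  {n:4d} {host}  half-open={s['half_open'][host]}")
        print('  suspects (low thresholds for the demo):', flag_suspects(s, 3, 2))
```

To use it on a real machine, replace the sample with the output of `netstat -ant` (Linux) or `netstat -ano` (Windows) and look at the top of `per_remote` and at `half_open`: a long list of outbound connections to CDN addresses on port 443 is what a browser looks like, while one remote host holding dozens of half-open inbound connections to a listening port is what a SYN flood looks like.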
And here I was thinking this was a Linux desktop. Now that I look at the top of the picture, I can see Windows Explorer C:\ path.
LOL - good point - there are a lot of CDNs on that list. I did probe a couple of the IP/ports though, but there wasn't an HTTP listener at the destination other than at the CDNs.