Someone suggested that a good way to measure DDoS might be to monitor the number of threads in a process. Under attack, the process of a service might react by creating more threads to handle the new connections. But how to do it? Someone suggested that a command like:
ps uH p `ps -C <appname> -o pid=` --no-headers | wc -l
would do it, where '<appname>' is the name of the process being queried. The bit inside the backticks merely retrieves the pid of the named process. It doesn't have to be the precise name, but it does have to be a unique substring of that process's name. The 'wc -l' bit counts the number of lines in the output of ps, which corresponds to the number of threads.
Using the same technique as for the current CPU and memory usage, it is easy to retrieve the current number of threads from any process. First set the current app name:
snmpset -v2c -c public localhost DOSTF-MIB::dosTFCurrentAppName.0 = firefox
Then, issue an snmpget on the number of threads for the current application:
snmpget -v2c -c public localhost DOSTF-MIB::dosTFCurrentAppThreadCount.0
And you should get the number of threads printed out:
DOSTF-MIB::dosTFCurrentAppThreadCount.0 = INTEGER: 13
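The same measurement can be taken without going through SNMP and compared against a baseline, as in this added example (not code from the original post or from the DOSTF-MIB agent). It sums the `nlwp` (thread count) column of `ps` over every process that `ps -C` selects for the name; the function names, the 3x factor and the sample figures other than the baseline of 13 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: thread-count sampling with a simple spike check.
# POSIX sh; live use needs the procps `ps` found on Linux.

# sum_nlwp: read "PID NLWP" lines (one per process) on stdin and print
# the total number of threads. Malformed lines are ignored.
sum_nlwp() {
    awk 'NF >= 2 && $2 ~ /^[0-9]+$/ { total += $2 } END { print total + 0 }'
}

# thread_count NAME: total threads over every process `ps -C NAME` selects.
# The trailing "=" on each column suppresses the header line, so the
# result is not inflated by one.
thread_count() {
    ps -C "$1" -o pid=,nlwp= 2>/dev/null | sum_nlwp
}

# classify COUNT BASELINE FACTOR: print
#   absent  when no thread was found (service down or wrong name),
#   spike   when COUNT is above BASELINE * FACTOR,
#   normal  otherwise.
classify() {
    if [ "$1" -eq 0 ]; then
        echo absent
    elif [ "$1" -gt $(( $2 * $3 )) ]; then
        echo spike
    else
        echo normal
    fi
}

# Constructed samples of `ps -C NAME -o pid=,nlwp=` output (not real captures).
sample_quiet() { printf '%s\n' ' 2101  13'; }
sample_flood() { printf '%s\n' ' 2101 211' ' 2188  64' ' 2240  37'; }

# Live use: sh threads.sh NAME BASELINE [FACTOR]
if [ $# -ge 2 ]; then
    n=$(thread_count "$1")
    echo "$1 threads=$n state=$(classify "$n" "$2" "${3:-3}")"
fi
```

A thread count is only meaningful against a baseline taken for the same service under normal load, so record that figure before relying on the spike check.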