Thursday, September 30, 2010

Command Reference for IPCONFIG MS-DOS Command

Ipconfig is an MS-DOS command-line tool used to display and manage the network settings of your computer. It is available on Windows machines, and it displays the current network connection details and DHCP client settings.
Ipconfig is an external MS-DOS command, available on the Windows 95, Windows 98, ME, NT, 2000, XP and Windows Vista operating systems. On Windows 9x machines, a graphical tool such as "winipconfig" or "winipcfg" may be used instead. On a Linux machine, the ifconfig command performs the equivalent function.
C:\> ipconfig /?

USAGE:
    ipconfig [/? | /all | /renew [adapter] | /release [adapter] |
              /flushdns | /displaydns | /registerdns |
              /showclassid adapter |
              /setclassid adapter [classid] ]

where
    adapter         Connection name
                   (wildcard characters * and ? allowed, see examples)

    Options:
       /?           Display this help message
       /all         Display full configuration information.
       /release     Release the IP address for the specified adapter.
       /renew       Renew the IP address for the specified adapter.
       /flushdns    Purges the DNS Resolver cache.
       /registerdns Refreshes all DHCP leases and re-registers DNS names
       /displaydns  Display the contents of the DNS Resolver Cache.
       /showclassid Displays all the dhcp class IDs allowed for adapter.
       /setclassid  Modifies the dhcp class id.

The default is to display only the IP address, subnet mask and
default gateway for each adapter bound to TCP/IP.

For Release and Renew, if no adapter name is specified, then the IP address
leases for all adapters bound to TCP/IP will be released or renewed.

For Setclassid, if no ClassId is specified, then the ClassId is removed.

Examples:
    > ipconfig                   ... Show information.
    > ipconfig /all              ... Show detailed information
    > ipconfig /renew            ... renew all adapters
    > ipconfig /renew EL*        ... renew any connection that has its
                                     name starting with EL
    > ipconfig /release *Con*    ... release all matching connections,
                                     eg. "Local Area Connection 1" or
                                         "Local Area Connection 2"

C:\>ipconfig /all

Windows IP Configuration

        Host Name . . . . . . . . . . . . : topwebhosts
        Primary Dns Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Hybrid
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Wireless Network Connection:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Intel(R) PRO/Wireless LAN 2100 3B Mi
ni PCI Adapter
        Physical Address. . . . . . . . . : 00-0C-F1-65-5B-70
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.100
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
        DHCP Server . . . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 192.168.1.1
        Lease Obtained. . . . . . . . . . : Thursday, February 08, 2007 2:27:17
PM
        Lease Expires . . . . . . . . . . : Thursday, February 15, 2007 2:27:17
PM

Ethernet adapter Local Area Connection:

        Media State . . . . . . . . . . . : Media disconnected
        Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Mobile Connecti
on
        Physical Address. . . . . . . . . : 00-0D-60-FB-4E-E9

To learn the names of the Ethernet adapters that you can optionally specify with the "ipconfig" command, simply type ipconfig by itself. The command output lists by name all adapters available on your computer, e.g. "Local Area Connection" and "Wireless Network Connection".
The ipconfig command is most often used to diagnose network problems on a Windows machine. If you're using DHCP, you may try releasing and renewing the IP address with the "ipconfig /release" and "ipconfig /renew" commands shown below.
C:\> ipconfig /release
Windows IP Configuration

No operation can be performed on Local Area Connection while it has its media di
sconnected.

Ethernet adapter Wireless Network Connection:

        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 0.0.0.0
        Subnet Mask . . . . . . . . . . . : 0.0.0.0
        Default Gateway . . . . . . . . . :

Ethernet adapter Local Area Connection:

        Media State . . . . . . . . . . . : Media disconnected

C:\> ipconfig /renew

Windows IP Configuration

Ethernet adapter Wireless Network Connection:

        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 192.168.1.100
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1

To work around a DNS caching issue, you may run "ipconfig /flushdns" to clear the DNS cache on your computer. DNS uses a TTL (Time-To-Live) value, which lets intermediate name servers cache DNS information. If you changed your DNS settings and your computer doesn't see the change immediately, run "ipconfig /flushdns" to clear the DNS cache.
C:\> ipconfig /flushdns

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.


FAQ:

On a Windows Vista machine, if you get the error "The requested operation requires elevation", you'll need to run Command Prompt as an administrator. To do this:
All Programs -> Accessories -> right-click Command Prompt and click Run as administrator.

TIA/EIA-568-A, T-568B RJ45 Wiring Standard For wiring straight-through and cross-over RJ-45 cables

An RJ-45 data cable contains 4 pairs of wires, each consisting of a solid-colored wire and a wire with a stripe of the same color. There are two wiring standards for RJ-45 wiring: T-568A and T-568B. Although there are 4 pairs of wires, 10BaseT/100BaseT Ethernet uses only 2 pairs: Orange and Green. The other two colors (blue and brown) may be used for a second Ethernet line or for phone connections. The two wiring standards are used to create a cross-over cable (T-568A on one end, and T-568B on the other end), or a straight-through cable (T-568B or T-568A on both ends).
To create a straight-through cable, use either T-568A or T-568B on both ends of the cable. The diagrams on the left and right show the RJ-45 connector with the clip facing down.
To create a cross-over cable, wire T-568A on one end and T-568B on the other end of the cable.
Straight-through cables are used when connecting Data Terminating Equipment (DTE) to Data Communications Equipment (DCE), such as computers and routers to modems (gateways) or hubs (Ethernet switches). Cross-over cables are used when connecting DTE to DTE, or DCE to DCE equipment, such as computer to computer, computer to router, or gateway to hub connections. DTE equipment terminates the signal, while DCE equipment does not.

More on straight-through and cross-over connections
The RJ45 data cables we use to connect computers to an Ethernet switch are straight-through cables. As noted above, the RJ45 cable uses only 2 pairs of wires: Orange (pins 1 & 2) and Green (pins 3 & 6). Pins 4, 5 (Blue) and 7, 8 (Brown) are NOT used. A straight-through cable, as its name suggests, connects pin 1 to pin 1, pin 2 to pin 2, pin 3 to pin 3, and pin 6 to pin 6. Cross-over cables are used to connect TX+ to RX+, and TX- to RX-, which connects pin 1 to pin 3, pin 2 to pin 6, pin 3 to pin 1 and pin 6 to pin 2. The unused pins are generally connected straight-through in both straight-through and cross-over cables.
To network two computers without a hub, a cross-over cable is used. A cross-over cable is also used to connect a router to a computer, or an Ethernet switch (hub) to another Ethernet switch without an uplink. Most Ethernet switches today provide an uplink port, which avoids the use of a cross-over cable to daisy-chain another Ethernet switch. Straight-through cables are used to connect a computer to an Ethernet switch, or a router to an Ethernet switch.
Pin Number Designations

There are pin number designations for each color in T-568B and T-568A.
       T-568B                          T-568A
       --------------------------      ------------------------
Pin    Color             Pin Name      Color           Pin Name
---    -------------     --------      -------------   --------
 1     Orange Stripe     Tx+           Green Stripe    Rx+
 2     Orange            Tx-           Green           Rx-
 3     Green Stripe      Rx+           Orange Stripe   Tx+
 4     Blue              Not Used      Blue            Not Used
 5     Blue Stripe       Not Used      Blue Stripe     Not Used
 6     Green             Rx-           Orange          Tx-
 7     Brown Stripe      Not Used      Brown Stripe    Not Used
 8     Brown             Not Used      Brown           Not Used

RJ-45 Wiring FAQ

1. What are T-568A and T-568B wiring standards, and how are they different?

T-568A and T-568B are the two wiring standards for RJ-45 connector data cable specified by TIA/EIA-568-A wiring standards document. The difference between the two is the position of the orange and green wire pairs. It is preferable to wire to T-568B standards if there is no pre-existing pattern used within a building.

2. What does RJ stand for?

RJ stands for Registered Jack. These are used in telephone and data jack wiring registered with the FCC. RJ-11 is a 6-position, 4-conductor jack used in telephone wiring, and RJ-45 is an 8-position, 8-conductor jack used in 10BaseT and 100BaseT Ethernet wiring.

3. What is the Category Rating System?

The Electronic Industries Association (EIA) developed the TIA/EIA-568-A standard, which specifies wiring and performance standards for Unshielded Twisted Pair (UTP) cabling. The Category Rating System defines performance categories for 100 ohm UTP cabling systems.
Category 3 specifies twisted pair cable and connecting hardware that can support transmission frequencies up to 16MHz and data rates up to 10Mbps. This is primarily used in telephone wiring.
Category 4 specifies cables and connectors that support up to 20MHz and data rates up to 16Mbps. With the introduction of Category 5, this is a rarely used category.
Category 5 specifies cables and connectors that support up to 100MHz and data rates up to 100Mbps. With 100BaseT Ethernet today, Category 5 is a widely used cabling system that matches today's high-speed data requirements.
Category   TIA/EIA Standard        Description
--------   ---------------------   ------------------------------------------------------
Cat 1      None                    POTS, ISDN and doorbell wiring
Cat 2      None                    4 Mbps token ring networks
Cat 3      TIA/EIA 568-B           10 Mbps Ethernet - frequency up to 16MHz
Cat 4      None                    16 Mbps token ring networks - frequency up to 20MHz
Cat 5      None                    100 Mbps Ethernet - frequency up to 100 MHz
                                   Not suitable for GigE (1000BaseT)
Cat 5e     TIA/EIA 568-B           100 Mbps & GigE Ethernet - frequency up to 100 MHz
Cat 6      TIA/EIA 568-B           2x Performance of Cat 5 & 5e - frequency up to 250 MHz
Cat 6a     None                    Future specification for 10Gbps application
Cat 7      ISO/IEC 11801 Class F   Designed for transmission at frequencies up to 600 MHz

4. What is UTP Cable?

UTP stands for Unshielded Twisted Pair. It is the cabling system with one or more pairs of twisted insulated copper wires contained in a single sheath. It is the most widely used cabling system in telecommunications and data communications environment today.

What is Subnet Mask?

An IP address has two components, the network address and the host address. A subnet mask separates the IP address into the network and host addresses. Subnetting further divides the host part of an IP address into a subnet and host address. It is called a subnet mask because it is used to identify the network address of an IP address by performing a bitwise AND operation with the netmask.
A subnet mask is a 32-bit number that masks an IP address and divides it into a network address and a host address. A subnet mask is made by setting the network bits to all "1"s and the host bits to all "0"s. Within a given network, two host addresses are reserved for special purposes: the "0" address is assigned as the network address and "255" is assigned as the broadcast address, and they cannot be assigned to a host.
Commonly used netmasks for classful networks, 8 bits (Class A), 16 bits (Class B) and 24 bits (Class C), and for classless networks are as follows:
Class  Address  # of Hosts    Netmask (Binary)                      Netmask (Decimal)
-----  -------  -----------   -----------------------------------   -----------------
CIDR   /4       240,435,456   11110000 00000000 00000000 00000000   240.0.0.0
CIDR   /5       134,217,728   11111000 00000000 00000000 00000000   248.0.0.0
CIDR   /6       67,108,864    11111100 00000000 00000000 00000000   252.0.0.0
CIDR   /7       33,554,432    11111110 00000000 00000000 00000000   254.0.0.0
A      /8       16,777,216    11111111 00000000 00000000 00000000   255.0.0.0
CIDR   /9       8,388,608     11111111 10000000 00000000 00000000   255.128.0.0
CIDR   /10      4,194,304     11111111 11000000 00000000 00000000   255.192.0.0
CIDR   /11      2,097,152     11111111 11100000 00000000 00000000   255.224.0.0
CIDR   /12      1,048,576     11111111 11110000 00000000 00000000   255.240.0.0
CIDR   /13      524,288       11111111 11111000 00000000 00000000   255.248.0.0
CIDR   /14      262,144       11111111 11111100 00000000 00000000   255.252.0.0
CIDR   /15      131,072       11111111 11111110 00000000 00000000   255.254.0.0
B      /16      65,534        11111111 11111111 00000000 00000000   255.255.0.0
CIDR   /17      32,768        11111111 11111111 10000000 00000000   255.255.128.0
CIDR   /18      16,384        11111111 11111111 11000000 00000000   255.255.192.0
CIDR   /19      8,192         11111111 11111111 11100000 00000000   255.255.224.0
CIDR   /20      4,096         11111111 11111111 11110000 00000000   255.255.240.0
CIDR   /21      2,048         11111111 11111111 11111000 00000000   255.255.248.0
CIDR   /22      1,024         11111111 11111111 11111100 00000000   255.255.252.0
CIDR   /23      512           11111111 11111111 11111110 00000000   255.255.254.0
C      /24      256           11111111 11111111 11111111 00000000   255.255.255.0
CIDR   /25      128           11111111 11111111 11111111 10000000   255.255.255.128
CIDR   /26      64            11111111 11111111 11111111 11000000   255.255.255.192
CIDR   /27      32            11111111 11111111 11111111 11100000   255.255.255.224
CIDR   /28      16            11111111 11111111 11111111 11110000   255.255.255.240
CIDR   /29      8             11111111 11111111 11111111 11111000   255.255.255.248
CIDR   /30      4             11111111 11111111 11111111 11111100   255.255.255.252

Subnetting an IP network separates a big network into multiple smaller networks for reorganization and security purposes. All nodes (hosts) in a subnetwork see all packets transmitted by any node in the network. Performance of a network is adversely affected under heavy traffic load due to collisions and retransmissions.
Applying a subnet mask to an IP address separates network address from host address. The network bits are represented by the 1's in the mask, and the host bits are represented by 0's. Performing a bitwise logical AND operation on the IP address with the subnet mask produces the network address. For example, applying the Class C subnet mask to our IP address 216.3.128.12 produces the following network address:
IP:   1101 1000 . 0000 0011 . 1000 0000 . 0000 1100  (216.003.128.012)
Mask: 1111 1111 . 1111 1111 . 1111 1111 . 0000 0000  (255.255.255.000)
      ---------------------------------------------
      1101 1000 . 0000 0011 . 1000 0000 . 0000 0000  (216.003.128.000)

Subnetting Network 
Here is another scenario where subnetting is needed. Pretend that a web host with a Class C network needs to divide the network so that parts of the network can be leased to its customers. Let's assume that a host has a network address of 216.3.128.0 (as shown in the example above). Let's say that we're going to divide the network into 2 and dedicate the first half to itself, and the other half to its customers.
   216 .   3 . 128 . (0000 0000)  (1st half assigned to the web host)
   216 .   3 . 128 . (1000 0000)  (2nd half assigned to the customers)
The web host will have the subnet mask of 216.3.128.128 (/25). Now, we'll further divide the 2nd half into eight blocks of 16 IP addresses.
   216 .   3 . 128 . (1000 0000)  Customer 1 -- Gets 16 IPs (14 usable)
   216 .   3 . 128 . (1001 0000)  Customer 2 -- Gets 16 IPs (14 usable)
   216 .   3 . 128 . (1010 0000)  Customer 3 -- Gets 16 IPs (14 usable)
   216 .   3 . 128 . (1011 0000)  Customer 4 -- Gets 16 IPs (14 usable)
   216 .   3 . 128 . (1100 0000)  Customer 5 -- Gets 16 IPs (14 usable)
   216 .   3 . 128 . (1101 0000)  Customer 6 -- Gets 16 IPs (14 usable)
   216 .   3 . 128 . (1110 0000)  Customer 7 -- Gets 16 IPs (14 usable)
   216 .   3 . 128 . (1111 0000)  Customer 8 -- Gets 16 IPs (14 usable)
   -----------------------------
   255 . 255 . 255 . (1111 0000)  (Subnet mask of 255.255.255.240)

CIDR - Classless Inter Domain Routing 
Classless InterDomain Routing (CIDR) was invented to keep the Internet from running out of IP addresses. IPv4 addresses, being 32 bits long, have a limit of 4,294,967,296 (2^32) unique IP addresses. The classful address scheme (Class A, B and C) of allocating IP addresses in 8-bit increments can be very wasteful. With the classful addressing scheme, the minimum number of IP addresses allocated to an organization is 256 (Class C). Giving 256 IP addresses to an organization requiring only 15 IP addresses is wasteful. Also, an organization requiring more than 256 IP addresses (let's say 1,000 IP addresses) is assigned a Class B, which allocates 65,536 IP addresses. Similarly, an organization requiring more than 65,636 (65,634 usable IPs) is assigned a Class A network, which allocates 16,777,216 (16.7 million) IP addresses. This type of address allocation is very wasteful.
With CIDR, a network of IP addresses is allocated in 1-bit increments as opposed to 8-bit increments in a classful network. CIDR notation can easily represent classful addresses (Class A = /8, Class B = /16, and Class C = /24). The number next to the slash (e.g. /8) represents the number of bits assigned to the network address. The example shown above can be illustrated with CIDR as follows:
216.3.128.12, with subnet mask of 255.255.255.128 is written as
   216.3.128.12/25

   Similarly, the 8 customers with the block of 16 IP addresses can be
   written as:

   216.3.128.129/28, 216.3.128.130/28, and etc.
With the introduction of the CIDR addressing scheme, IP addresses are more efficiently allocated to ISPs and customers, and hence there is less risk of IP addresses running out anytime soon. For the detailed specification of CIDR, please review RFC 1519. With the introduction of additional gaming, medical, appliance and telecom devices requiring static IP addresses, in addition to a world population of more than 6.5 billion (July 2006 est.), IPv4 addresses with the CIDR addressing scheme will eventually run out. To solve the shortage of IPv4 addresses, the IPv6 (128-bit) address scheme was introduced in 1993.
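
The bitwise AND from the subnet mask section and the /25 and /28 split from the subnetting and CIDR sections, worked through in Python. This is an added example, not code from the original page; the function names and the customer lookup are assumptions of the example.

```python
import ipaddress

def to_int(dotted):
    """Dotted quad -> 32-bit integer, rejecting malformed input."""
    parts = dotted.split(".")
    if len(parts) != 4:
        raise ValueError(f"not a dotted quad: {dotted!r}")
    value = 0
    for part in parts:
        octet = int(part)
        if not 0 <= octet <= 255:
            raise ValueError(f"octet out of range in {dotted!r}")
        value = (value << 8) | octet
    return value

def to_dotted(value):
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def mask_for(prefix):
    """/prefix -> mask with the network bits set to 1 and the host bits to 0."""
    if not 0 <= prefix <= 32:
        raise ValueError(f"prefix out of range: {prefix}")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF

def describe(ip, prefix):
    mask = mask_for(prefix)
    network = to_int(ip) & mask                # the bitwise AND from the text
    broadcast = network | (mask ^ 0xFFFFFFFF)  # host bits all set to 1
    size = 1 << (32 - prefix)
    return {
        "network": to_dotted(network),
        "mask": to_dotted(mask),
        "broadcast": to_dotted(broadcast),
        "addresses": size,
        "usable": max(size - 2, 0),            # minus network and broadcast
    }

def carve(network, prefix, new_prefix):
    """Split network/prefix into equal blocks of length new_prefix."""
    if not prefix <= new_prefix <= 32:
        raise ValueError("new prefix must be at least as long as the old one")
    base = to_int(network) & mask_for(prefix)
    step = 1 << (32 - new_prefix)
    count = 1 << (new_prefix - prefix)
    return [f"{to_dotted(base + i * step)}/{new_prefix}" for i in range(count)]

def owner_of(ip, blocks):
    """Return the label of the CIDR block containing ip, or None."""
    addr = to_int(ip)
    for label, cidr in blocks.items():
        net, prefix = cidr.split("/")
        if addr & mask_for(int(prefix)) == to_int(net):
            return label
    return None

# The page's layout: 216.3.128.0/24 halved, second half cut into eight /28s.
HALVES = carve("216.3.128.0", 24, 25)
CUSTOMERS = {
    f"Customer {i}": block
    for i, block in enumerate(carve("216.3.128.128", 25, 28), start=1)
}

def matches_stdlib():
    """Cross-check the hand-rolled split against Python's ipaddress module."""
    parent = ipaddress.ip_network("216.3.128.128/25")
    return [str(n) for n in parent.subnets(new_prefix=28)] == list(CUSTOMERS.values())

if __name__ == "__main__":
    print(describe("216.3.128.12", 24))
    print(HALVES)
    for label, block in CUSTOMERS.items():
        print(label, block)
    # .129 and .130 are two hosts inside the same /28, Customer 1's block.
    print(owner_of("216.3.128.129", CUSTOMERS), owner_of("216.3.128.130", CUSTOMERS))
```

A lookup like `owner_of` is what a firewall rule or a log review does when it attributes a source address to one customer block.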

What is DHCP (Dynamic Host Configuration Protocol)?

DHCP, Dynamic Host Configuration Protocol, is a communications protocol that dynamically assigns unique IP addresses to network devices. As a network device joins or leaves an IP-based network, DHCP automatically renews or releases an IP address.
DHCP runs in a client/server mode, where the server sets up a pool of available IP addresses for a network. A DHCP server also provides the network gateway, subnet mask, name server addresses and the amount of time ("lease") that a given IP address will be valid. A DHCP client retrieves those parameters and uses them to join the existing network.
DHCP allows network administrators to centrally manage and automate the assignment of IP addresses without having to worry about assigning duplicate addresses, making network administration a lot easier.

What is TCP/IP?

TCP/IP, Transmission Control Protocol/Internet Protocol, is a suite of communications protocols used to interconnect network devices on the Internet. TCP/IP implements layers of protocol stacks, and each layer provides well-defined network services to the upper layer protocol. TCP and IP are the two protocols used by TCP/IP, along with the (higher) application, (lower) data link and (lower) physical layer protocols.
Layer             Protocols
---------------   -------------------------------------------------------
5. Application    DNS, FTP, HTTP, IMAP, POP3, SMTP, SSH, Telnet, SSL, ...
4. Transport      TCP, UDP, ...
3. Network        IP (IPv4, IPv6), ICMP, ARP, ...
2. Data Link      802.3 (Ethernet), 802.11 (Wi-Fi), PPP, ...
1. Physical       Ethernet (NIC), Wireless (NIC), Cat 5/RJ-45, ...

What is Denial of Service (DoS) attack?

A DoS attack, or denial-of-service attack, is an explicit attempt to make a computer resource unavailable by either injecting a computer virus or flooding the network with useless traffic. There are two types of DoS attacks: computer attack and network attack. Common forms of denial-of-service attacks are:
Ping of death 

Ping of death is caused by an attacker deliberately sending a ping packet, normally 64 bytes, that is larger than 65,535 bytes. Many computer systems cannot handle an IP packet larger than the maximum IP packet size of 65,535 bytes, which often causes them to crash. It is illegal to send a ping packet larger than 65,535 bytes, but a packet of such size can be sent if it is fragmented. When the receiving computer reassembles the packet, a buffer overflow occurs, which often causes the computer to crash. This exploit has affected a wide variety of systems including Unix, Linux, Mac, Windows and routers, but fixes have been applied since 1997, making this exploit mostly historical.
Ping of flood 

Ping of flood is caused by an attacker overwhelming the victim's network with ICMP Echo Request (ping) packets. This is a fairly easy attack to perform without extensive network knowledge, as many ping utilities support this operation. A flood of ping traffic can consume significant bandwidth on low to mid-speed networks, slowing the network to a crawl.
Smurf Attack 

A Smurf attack exploits the target by sending repeated ping requests to the broadcast address of the target network. The ping request packet often uses a forged IP address (return address), which is the target site that is to receive the denial of service attack. The result will be lots of ping replies flooding back to the innocent, spoofed host. If the number of hosts replying to the ping request is large enough, the network will no longer be able to receive real traffic.
SYN Floods 

When establishing a session between a TCP client and server, a handshaking message exchange occurs between the server and the client. A session setup packet contains a SYN field that identifies the sequence in the message exchange. An attacker may send a flood of connection requests and not respond to the replies, which leaves the request packets in the buffer so that legitimate connection requests can't be accommodated.
Teardrop Attack 

A teardrop attack works by sending IP fragment packets that are difficult to reassemble. A fragment packet carries an offset that the receiving system uses to reassemble the entire packet. In the teardrop attack, the attacker puts a confusing offset value in the subsequent fragments, and if the receiving system doesn't know how to handle such a situation, it may crash.
Mail Bomb 

Unauthorized users send a large number of email messages with large attachments to a particular mail server, filling up disk space and resulting in denied email service to other users.
What is distributed DoS (DDoS) attack? 

DDoS (Distributed Denial Of Service) is a tactic used to attack a victim from multiple compromised computers. The attacker installs a virus or trojan software on compromised systems, and uses them to flood a victim's network in a way that the victim's server cannot handle.
DDoS involves 3 parties: an offender, helpers and a victim. The offender is the one who plots the attack, and the helpers are the machines that are compromised by the offender to launch the attack against a victim (the target). The offender commands the helpers to attack the victim's host at precisely the same time. Due to this co-ordinated nature between the offender and helpers, DDoS is also known as a co-ordinated attack.
Resolutions 

If you suspect a DoS or DDoS attack due to a significant network slowdown or denied service, you may run a few diagnostic Linux commands to find a host under attack.
First, you'll have to identify the host under DoS or DDoS attack. To do this, monitor network traffic and see where the traffic is coming from and where it is going. This can be done with the ethereal or tethereal Linux commands.
# tethereal
  0.809751  10.1.1.5 -> 192.168.1.4 IP Fragmented IP protocol 
(proto=UDP 0x11, off=2960)
  0.810357  10.1.1.5 -> 192.168.1.4 IP Fragmented IP protocol 
(proto=UDP 0x11, off=1480)
...

## If you do not have ethereal installed, you may use 'yum' to
## install it on your system.
# yum install tethereal
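
A tally of capture lines in the layout shown above, to see which destination is receiving the fragment traffic and from which source. This is an added example, not part of the original page; the sample lines beyond the two shown above are constructed, and the thresholds are assumptions to tune per network.

```python
import re
from collections import Counter, defaultdict

# One record: relative time, source, "->", destination, then the summary text.
RECORD = re.compile(
    r"^(?P<time>\d+\.\d+)\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s+(?P<info>.*)$"
)
FRAGMENT = re.compile(
    r"Fragmented IP protocol\s*\(proto=(?P<proto>\w+)\s+0x[0-9a-fA-F]+,\s*off=(?P<off>\d+)\)"
)
STARTS_RECORD = re.compile(r"^\d+\.\d+\s")

# Constructed sample in the same layout, including the terminal's line wrapping.
SAMPLE = """\
# tethereal
  0.809751  10.1.1.5 -> 192.168.1.4 IP Fragmented IP protocol
(proto=UDP 0x11, off=2960)
  0.810357  10.1.1.5 -> 192.168.1.4 IP Fragmented IP protocol
(proto=UDP 0x11, off=1480)
  0.810901  10.1.1.5 -> 192.168.1.4 IP Fragmented IP protocol
(proto=UDP 0x11, off=4440)
  0.811450  192.168.1.20 -> 192.168.1.4 TCP 51544 > http [SYN] Seq=0
  0.812007  192.168.1.4 -> 192.168.1.20 TCP http > 51544 [SYN, ACK] Seq=0 Ack=1
  0.813300  10.1.1.5 -> 192.168.1.4 IP Fragmented IP protocol
(proto=UDP 0x11, off=5920)
...
"""

def unwrap(text):
    """Rejoin wrapped records: a line without a leading timestamp continues the previous one."""
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if STARTS_RECORD.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def tally(text):
    """Return {destination: {"packets": n, "fragments": n, "sources": Counter}}."""
    stats = defaultdict(lambda: {"packets": 0, "fragments": 0, "sources": Counter()})
    for record in unwrap(text):
        m = RECORD.match(record)
        if not m:
            continue  # prompt lines and other non-packet text
        entry = stats[m["dst"]]
        entry["packets"] += 1
        if FRAGMENT.search(m["info"]):
            entry["fragments"] += 1
            entry["sources"][m["src"]] += 1
    return dict(stats)

def hosts_under_fragment_load(text, min_fragments=3, min_share=0.5):
    """Destinations where fragments dominate, with the top sending source."""
    flagged = []
    for dst, entry in tally(text).items():
        share = entry["fragments"] / entry["packets"]
        if entry["fragments"] >= min_fragments and share >= min_share:
            top_source = entry["sources"].most_common(1)[0][0]
            flagged.append((dst, entry["fragments"], top_source))
    return sorted(flagged, key=lambda row: -row[1])

if __name__ == "__main__":
    for dst, count, src in hosts_under_fragment_load(SAMPLE):
        print(f"{dst}: {count} fragments, mostly from {src}")
```
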

Once you have identified the host, log on to the server and find the server load. You may use the w or uptime command to find the server load. You may also use the top and ps commands to determine which Linux process consumes the most resources. To learn more about top command output, please read an article about high volume traffic.
# uptime
 15:19:51 up 127 days, 5:39, 2 users, load average: 10.78, 8.68,
4.82

# top
top - 15:20:02 up 127 days, 5:39, 2 users,  load average: 10.78,
 8.68, 4.82
Tasks: 170 total,   6 running, 163 sleeping, 0 stopped, 1 zombie
Cpu(s): 3.5% us, 1.7% sy, 0.1% ni, 94.3% id, 0.4% wa, 0.0% hi,
 0.0% si
Mem:   2074924k total,  2046676k used,    28248k free,    58692k
 buffers
Swap:  4192956k total,      144k used,  4192812k free,  1553828k
 cached

  PID USER   PR NI  VIRT  RES SHR S %CPU %MEM   TIME+  COMMAND
14815 apache 25  0 52776  628 500 R 98.6  0.0  9:59.91 cw7.3
DoS and DDoS attacks occur due to running vulnerable software on your server(s). The attackers use known application vulnerabilities and security holes to compromise servers in different networks, either by installing viruses and trojan horses (intrusion) or by initiating DDoS attacks. To prevent DoS and DDoS attacks, you may take the following actions.
1. Install an Intrusion Detection System (IDS) such as Advanced Intrusion Detection Environment (AIDE). For the installation procedure, consult Linux Gazette. Perform regular system audits by installing and running RKHUNTER and CHKROOTKIT to make sure installed Linux binaries are healthy. You may also install open-source network audit tools like NESSUS, NMAP, and SAINT and perform regular network audits for vulnerabilities.
2. Implement Sysctl. Prevent ping attacks (ping of death, ping of flood, and smurf attacks) by disabling ping responses on the network machines. Enable IP Spoofing protection and TCP SYN Cookie Protection. On Linux variant machines, follow the sysctl configuration procedure.
3. Install an advanced firewall and DDoS utilities. To secure your server and protect it from DoS attacks, you may want to install APF, BFD, DDoS and Rootkit. To install those utilities, please follow the DDoS Prevention: APF, BFD, DDoS and RootKit setup procedure.
4. Install the Apache mod_evasive and mod_security modules to protect against HTTP DDoS attacks. For installation procedures, consult the mod_evasive and mod_security how-tos.
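
One way to check the settings named in step 2 against a sysctl.conf-style file, as an added example that is not from the original page. The mapping from each protection to a kernel key is this example's assumption (the page names the protections, not the keys), and the sample file is constructed.

```python
# Kernel keys assumed to correspond to step 2, with the values treated as hardened.
EXPECTED = {
    # Smurf: do not answer pings sent to a broadcast address.
    "net.ipv4.icmp_echo_ignore_broadcasts": {"1"},
    # No ping replies at all; this also disables ping as a diagnostic tool.
    "net.ipv4.icmp_echo_ignore_all": {"1"},
    # Reverse-path filtering against spoofed sources: 1 = strict, 2 = loose.
    "net.ipv4.conf.all.rp_filter": {"1", "2"},
    "net.ipv4.conf.default.rp_filter": {"1", "2"},
    # SYN cookies for SYN floods.
    "net.ipv4.tcp_syncookies": {"1"},
}

# Constructed sample file, not taken from a real host.
SAMPLE_CONF = """\
# /etc/sysctl.conf (constructed sample)
net.ipv4.tcp_syncookies = 0
net.ipv4.icmp_echo_ignore_broadcasts=1
net/ipv4/conf/all/rp_filter = 1
-net.ipv4.conf.default.rp_filter = 0
; a later assignment overrides an earlier one
net.ipv4.tcp_syncookies = 1
"""

def parse_sysctl(text):
    """Parse sysctl.conf syntax into {key: value}; the last assignment wins."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":   # both comment styles are valid
            continue
        if "=" not in line:
            continue
        key, value = line.split("=", 1)
        # A leading "-" means "ignore errors"; "/" is an accepted separator.
        key = key.strip().lstrip("-").replace("/", ".")
        settings[key] = value.strip()
    return settings

def audit(text):
    """Return {key: (status, value)} with status ok, weak or missing."""
    current = parse_sysctl(text)
    report = {}
    for key, allowed in EXPECTED.items():
        value = current.get(key)
        if value is None:
            # Not set in this file: check the running value with `sysctl <key>`.
            report[key] = ("missing", None)
        elif value in allowed:
            report[key] = ("ok", value)
        else:
            report[key] = ("weak", value)
    return report

def remediation(report):
    """Lines to add to the file for every key that is not already hardened."""
    return [f"{key} = 1" for key, (status, _) in report.items() if status != "ok"]

if __name__ == "__main__":
    result = audit(SAMPLE_CONF)
    for key, (status, value) in result.items():
        print(f"{status:8} {key} = {value}")
    print("\n".join(remediation(result)))
```
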
For more technical information, please visit CERT or Wikipedia.
