[nylug-talk] Help: Under Attack! (SYN flood)

Joachim Stahl jstahl88 at gmail.com
Sat Nov 3 22:52:08 EDT 2007


Need help.

One of my sites is under a SYN flood attack. /var/log/messages is filled
with this:

    Nov  3 22:34:45 matrix kernel: possible SYN flooding on port 80. Sending co$

tcpdump shows the attackers, and I tried to put some rules in my iptables
that block them, but either I am using iptables wrong or something else
is the matter.

I have this line in iptables:

    iptables -A INPUT -i eth0 -s 11.22.33.44 -j DROP

and that seems to work -- the command "watch iptables -nvL" shows that
packets are being dropped. Yet I can still see the SYN packets coming in
when I run tcpdump and the messages to the logfiles haven't abated.

What do I do?

Joe

