[nylug-talk] Help: Under Attack! (SYN flood)
Ruben Safir
ruben at mrbrklyn.com
Sat Nov 3 23:03:16 EDT 2007
route add -net 11.22.33.0 netmask 255.255.255.0 reject
On Sat, Nov 03, 2007 at 10:52:08PM -0400, Joachim Stahl wrote:
> Need help.
>
> One of my sites is under a SYN flood attack. /var/log/messages is filled
> with this:
>
> Nov 3 22:34:45 matrix kernel: possible SYN flooding on port 80. Sending
> co$
> tcpdump shows the attackers, and I tried to put some rules in my iptables
> that block them, but either I am using iptables wrong or something else
> is the matter.
>
> I have this line in iptables:
>
> iptables -A INPUT -i eth0 -s 11.22.33.44 -j DROP
>
> and that seems to work -- the command "watch iptables -nvL" shows that
> packets are being dropped. Yet I can still see the SYN packets coming in
> when I run tcpdump and the messages to the logfiles haven't abated.
>
> What do I do?
>
> Joe
> _____________________________________________________________________________
> Hire expert Linux talent by posting jobs here :: http://jobs.nylug.org
> The nylug-talk mailing list is at nylug-talk at nylug.org
> The list archive is at http://nylug.org/pipermail/nylug-talk
> To subscribe or unsubscribe: http://nylug.org/mailman/listinfo/nylug-talk
--
http://www.mrbrklyn.com - Interesting Stuff
http://www.nylxs.com - Leadership Development in Free Software
So many immigrant groups have swept through our town that Brooklyn, like Atlantis, reaches mythological proportions in the mind of the world - RI Safir 1998
http://fairuse.nylxs.com DRM is THEFT - We are the STAKEHOLDERS - RI Safir 2002
"Yeah - I write Free Software...so SUE ME"
"The tremendous problem we face is that we are becoming sharecroppers to our own cultural heritage -- we need the ability to participate in our own society."
"> I'm an engineer. I choose the best tool for the job, politics be damned.<
You must be a stupid engineer then, because politcs and technology have been attached at the hip since the 1st dynasty in Ancient Egypt. I guess you missed that one."
© Copyright for the Digital Millennium
More information about the nylug-talk
mailing list