[nylug-talk] Help: Under Attack! (SYN flood)
Kevin Mark
kevin.mark at verizon.net
Sat Nov 3 23:03:32 EDT 2007
On Sat, Nov 03, 2007 at 10:52:08PM -0400, Joachim Stahl wrote:
> Need help.
>
> One of my sites is under a SYN flood attack. /var/log/messages is filled
> with this:
>
> Nov 3 22:34:45 matrix kernel: possible SYN flooding on port 80. Sending
> co$
> tcpdump shows the attackers, and I tried to put some rules in my iptables
> that block them, but either I am using iptables wrong or something else
> is the matter.
>
> I have this line in iptables:
>
> iptables -A INPUT -i eth0 -s 11.22.33.44 -j DROP
>
> and that seems to work -- the command "watch iptables -nvL" shows that
> packets are being dropped. Yet I can still see the SYN packets coming in
> when I run tcpdump and the messages to the logfiles haven't abated.
>
> What do I do?
>
DON'T PANIC
Well, if you used Google, it would have pointed to the first hit[0].
HTH
K
[0] http://www.securityfocus.com/infocus/1729
--
| .''`. == Debian GNU/Linux == | my web site: |
| : :' : The Universal |mysite.verizon.net/kevin.mark/|
| `. `' Operating System | go to counter.li.org and |
| `- http://www.debian.org/ | be counted! #238656 |
| my keyserver: subkeys.pgp.net | my NPO: cfsg.org |
|join the new debian-community.org to help Debian! |
|_______ Unless I ask to be CCd, assume I am subscribed _______|
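The situation in the quoted message (one source dropped by iptables, SYNs still visible in tcpdump, kernel messages continuing), as an added example that is not part of either post: tcpdump captures packets before the INPUT chain sees them, so dropped sources still show up there, and a per-source tally of the capture shows how much of the flood a single-address DROP rule can cover. The function names, the `tcpdump -nn` line format with `Flags [S]`, and the sample capture are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: tally SYN-only packets per source from `tcpdump -nn` text.
# Assumes lines of the form "TIME IP src.port > dst.port: Flags [S], ...".

# syn_sources PORT: read tcpdump lines on stdin, print "count source-ip"
# for pure SYNs (Flags [S], not SYN-ACK) sent to PORT, busiest source first.
syn_sources() {
    awk -v port="$1" '
        $2 == "IP" && $4 == ">" && $6 == "Flags" && $7 == "[S]," {
            dst = $5; sub(/:$/, "", dst)
            n = split(dst, d, /[.]/)
            if (d[n] != port) next              # other destination port
            src = $3; sub(/\.[0-9]+$/, "", src) # strip the source port
            count[src]++
        }
        END { for (s in count) print count[s], s }
    ' | LC_ALL=C sort -k1,1nr -k2,2
}

# syn_summary PORT: one line saying how concentrated the SYNs are.
syn_summary() {
    syn_sources "$1" | awk '
        NR == 1 { top = $2; topn = $1 }
        { total += $1 }
        END {
            if (NR == 0) { print "total=0 sources=0"; exit }
            printf "total=%d sources=%d top=%s top_share=%d%%\n",
                   total, NR, top, topn * 100 / total
        }'
}

# Constructed sample capture (not real traffic); 192.0.2.10 is the web server.
sample_capture() {
    cat <<'EOF'
22:34:45.000101 IP 11.22.33.44.40001 > 192.0.2.10.80: Flags [S], seq 1, win 5840, length 0
22:34:45.000150 IP 192.0.2.10.80 > 11.22.33.44.40001: Flags [S.], seq 9, ack 2, win 5792, length 0
22:34:45.000203 IP 198.51.100.7.51515 > 192.0.2.10.80: Flags [S], seq 5, win 5840, length 0
22:34:45.000310 IP 11.22.33.44.40002 > 192.0.2.10.80: Flags [S], seq 7, win 5840, length 0
22:34:45.000415 IP 203.0.113.9.1025 > 192.0.2.10.80: Flags [S], seq 3, win 5840, length 0
22:34:45.000520 IP 198.51.100.200.2200 > 192.0.2.10.22: Flags [S], seq 4, win 5840, length 0
22:34:45.000633 IP 203.0.113.77.33000 > 192.0.2.10.80: Flags [S], seq 8, win 5840, length 0
22:34:45.000741 IP 11.22.33.44.40003 > 192.0.2.10.80: Flags [S], seq 6, win 5840, length 0
22:34:45.000850 IP 198.51.100.7.51515 > 192.0.2.10.80: Flags [.], ack 10, win 5840, length 0
EOF
}

sample_capture | syn_summary 80
```

On a live host the same summary can be fed from `tcpdump -nn -c 1000 -i eth0 'tcp dst port 80' | syn_summary 80`. A low `top_share` with many sources means blocking individual addresses will not quiet the kernel message.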