I am hosting a website on Linux - Debian Wheezy x64. Our web server is LiteSpeed
- using APF-Firewall and DDoS-Defeat
Recently, we have been getting logs of the sort below, telling us it may be a potential attack (??); however, searches to understand this specific situation have brought zero useful results.
Could you please shed more light on this sort of log? Should we care about it? If yes, any suggestions?
www kernel: [2175206.842121] ** RABHIT ** IN=eth0 OUT= MAC=02:00:00:5b:00:82:10:bd:18:e5:ff:80:08:00 SRC=195.39.196.50 DST=xx.xx.xx.xx LEN=44 TOS=0x08 PREC=0x00 TTL=52 ID=0 PROTO=TCP SPT=80 DPT=1 WINDOW=0 RES=0x00 ACK SYN URGP=0
The DST is of course the machine's IP.
There are not plenty of repeated logs like this, 1-3 from time to time - different SRC IPs.
Thank you