Questions tagged [flooding]

73 questions
32
votes
4 answers

My server room has flooded

We recently went through a hurricane and our server room became flooded. Hooray for insurance. Anyway, I need to save as much data off one of the hard drives as possible. Yes, it was submerged for the better part of two days. Do I need to open…
31
votes
3 answers

"Possible SYN flooding" in log despite low number of SYN_RECV connections

Recently we had an apache server which was responding very slowly due to SYN flooding. The workaround for this was to enable tcp_syncookies (net.ipv4.tcp_syncookies=1 in /etc/sysctl.conf). I posted a question about this here if you want more…
Alex Forbes
  • 2,392
  • 2
  • 19
  • 26
9
votes
4 answers

Amazon EC2 bandwidth charges in case of unwanted incoming traffic(ddos/flood)?

What happens if my EC2 instance gets ddosed/flooded, which could potentially go up to tens of gigabytes an hour(and even more) of undesired incoming traffic, will i be charged for this traffic? My guess is yes, but what can i do in such nightmare…
Shinnok
  • 319
  • 2
  • 8
5
votes
1 answer

every minute - possible SYN flooding on port 80

On our Linux server from time to time we get well known SYN flood message: possible SYN flooding on port 80 this is probably not an attack because website traffic is big. However from some time those messages began to come every ~60 seconds. What i…
Nick
  • 786
  • 2
  • 12
  • 37
5
votes
2 answers

Switch Floods Packets that should be Unicast

I work as a Network Admin in a big company. Lately we noticed an issue with our network infrastructure. Basically our network backend lies on a Catalyst as main L3 backend switch, and few Cisco Nexus switches as edge L2 switches, connected to that…
amito
  • 153
  • 1
  • 6
4
votes
0 answers

Fail2ban floods and slow response time

I tried searching for this; I found many people asking but I wasn't successfully to find a working (for me) solution. I have an application that logs each connection on a custom log file. When fail2ban detect more than 10 connections in 5 second…
4
votes
1 answer

Finding google unusual traffic

We are a small Internet provider. In order to get Internet access we are using NAT (10-20 users per one public IP). And lately we've met with Google blocking services (captcha and full block) and we were unable to find a proper solution for our…
Alex
  • 231
  • 2
  • 4
3
votes
1 answer

MAC layer unicast flooding a switched network

The network in question: It is a fully switched network with no routing. There is no known RSPT problems. There are 10 small switches. Each small switch has many small industrial devices talking to each other within that small switch. There is 1…
ugn
  • 31
  • 4
2
votes
1 answer

TMG only windows 2008 r2 installing. NOT WORKING windows server 2012 r2

TMG Forefront only working windows server 2008 or 2008R2 - Not working windows server 2012. How to mitigation windows server 2012R2 - Flood attacks,http attacks ? Please help how to build windows server 2012R2 Maximum TCP connect requests per minute…
2
votes
1 answer

Apache access.log flood with GET ...HTTP/1.1" requests

I have a server with Ubuntu 14.04, laravel 5.2 framework. On the last 24 hours somebody continously send flood requests from different ip adresses as shown below (log/apache2/access.log): 198.46.157.112 - - [18/Oct/2016:17:44:04 +0100] "GET…
2
votes
2 answers

Linux bonding (balance-tlb), KVM guests and L2 switches = unicast flooding?

I have a unicast flooding problem on my network, that started when I moved some software to virtualized guests. It seems very similar to what reported here: Switch flooding when bonding interfaces in Linux . That question dates back to 2012... so…
z2k
  • 103
  • 5
2
votes
0 answers

Protecting network from a broadcast storm

We have a flat office network tree built on a number of different ProCurve L2 and L3 GigE switches that spans some 300 ports. Today I found that one of the devices in the network for a short period of time causes excessive broadcast that causes…
Dmitri Chubarov
  • 2,296
  • 1
  • 15
  • 28
2
votes
4 answers

How to protect Lighttpd from DOS attacks and flooding?

I have a problem with Lighttpd because someone started to use some Web downloader from very good connection and it blocked my whole website. Is there any way to protect Lighttpd from DDOS attacks and flooding?
Tom Smykowski
  • 1,115
  • 5
  • 19
  • 27
2
votes
3 answers

IPTABLES block User-Agent

I get DDoS by the Wordpress Pingback BOTNET, now I want to block all client who contain Wordpress in there Useragents. For example: WordPress/4.0; http://vk.lokos.net; verifying pingback from 107.158.239.82 I need to block for both HTTP port 80 and…
user3135461
  • 61
  • 2
  • 5
2
votes
1 answer

How to protect from spoofed SYN flood on a Linux machine?

I have a server (2 x E2620, 32 GB RAM, Debian 6 Linux us-fw 2.6.32-5-amd64 #1 SMP Mon Feb 25 00:26:11 UTC 2013 x86_64 GNU/Linux, 10G Intel Ethernet Card). It has an Nginx proxy server inside. Idea is to use it as a frontend against DDoS attacks.…
Sergey Lensky
  • 21
  • 1
  • 2
1
2 3 4 5