Questions tagged [syn]

43 questions
0 votes, 1 answer

Fallout from apparent DoS attack - httpd trying to contact attacker

I have a server running multiple web hosts (all internally managed) which was the subject of what looked like a DoS attack last night. I blocked the attacking IP in IPTABLES for both input and output chains. That seemed to solve the problem and I…
0 votes, 2 answers

Count number of incoming connections on a port - Linux

We have a server which listens on port X. The server has a large number of clients. From time to time the process gets hung, and I am seeing SYN flooding messages in the log. I have been trying to tune relevant TCP configuration params. I would like a…
0 votes, 0 answers

"Filtered" port when accessing server

I'm having periodic trouble accessing one of my DigitalOcean servers from Azure machines. I have isolated a test that - I believe - demonstrates the issue and captured a tcpdump from the server for both the working example and the non-working…
0 votes, 1 answer

Windows Server 2008 sending regular TCP DNS requests to Forwarders

Our organization's primary DNS server is a Windows Server 2008 with two Forwarders set. I happened to notice on our firewall that this server is sending out regular TCP requests to the Forwarders in addition to the standard UDP queries. I ran…
Andrew S
0 votes, 1 answer

Interpreting ** RABHIT ** logs - Potential Attack - SYN?

I am hosting a website on Linux - Debian Wheezy x64. Our web server is LiteSpeed using APF-Firewall and DDoS-Defeat. Recently, we have been getting logs of the sort below, telling us it may be a potential attack (??), however searches allowing to understand…
0 votes, 1 answer

What is the maximum legitimate SYN traffic rate?

Recently my server has been getting SYN flood attacks. I use hitcount limitation, but I wonder what the maximum rate of legitimate SYN traffic is for a single user IP. The source-IP based rule I use is below: iptables -A INPUT -p tcp --syn -m recent --update…
afelaho
0 votes, 0 answers

FTP accessible on LAN, but not to port forwarded WAN on public IP address

I have been dealing with this issue a number of different times now, and each time I work on it I cannot determine a solution. I have searched these forums, my firewall forums and worked with a few firewall admins, as well as working with the…
0 votes, 2 answers

How to detect an intranet SYN flood?

I got this problem: whenever I plug a Linux server into the intranet, the whole network slows down and then dies. Every ping/ssh connection within the intranet times out. I unplugged it, then everything came back to normal. Searching around…
EyeQ Tech
0 votes, 2 answers

Continuous RST, ACK flags from the same source

Can anyone help me better understand what is going on here? I keep receiving "broken pipe" errors that say the connection is being reset by the peer. Also, I thought 192.168.114.30 was the client, but from my reading, the original SYN in a handshake…
0 votes, 1 answer

Apache on Debian: server flooded by a lot of 400s, how to protect from it?

My HTTPS server has been experiencing slowness for a few days, so I consulted the log file (the access.log, I use apache2). And I found out that my server is flooded by a lot of 400s: If I change the Apache config to stop listening on port 443,…
spacecodeur
0 votes, 0 answers

Large number of RST/ACK packages from my Ruby on Rails server

I have a Rails server (ROR) behind my Firewall (FWL). ROR must constantly send information to Digital Ocean Spaces (DOS). Note that ROR is not in Digital Ocean datacenter. ROR <--> FWL <--> Internet <--> DOS My firewall has the following rule: #…
0 votes, 0 answers

netcat no reaction to SYN packet crafted with gopacket

I want to do some experiments with TCP packets. Therefore I am using gopacket (v1.1.19) to craft packets and send them onto an interface. I have this code for creating a SYN packet and putting it on loopback and sending to 127.0.0.1:8888 where I…
-1 votes, 1 answer

Run shell script on the event of "possible SYN flooding"

I'd like to write a script that gets all the stats I need (top IPs, used memory, netstat, etc.) at the time I get a SYN flood, and writes them to a report file. So, is it possible to trigger a script/command when the kernel alerts for "possible SYN…
Nuno