Questions tagged [syn]
43 questions
0
votes
1 answer
Fallout from apparent dos attack - httpd trying to contact attacker
I have a server running multiple web hosts (all internally managed) which was the subject of what looked like a dos attack last night. I blocked the attacking IP in IPTABLES for both input and output chains. That seemed to solve the problem and I…
0
votes
2 answers
Count number of incoming connection on a port - Linux
We have a server which listens on port X. The server has a large number of clients, from time to time the process gets hung, I am seeing SYN flooding messages in the log. I have been trying to tune relevant tcp configuration params.
I would like a…
![](../../users/profiles/284384.webp)
Sridhar Chidurala
- 167
- 1
- 7
0
votes
0 answers
"Filtered" port when accessing server
I'm having periodic trouble accessing one of my DigitalOcean servers from Azure machines.
I have isolated a test that - I believe - demonstrates the issue and captured a tcpdump from the server for both the working example and the not working…
![](../../users/profiles/85425.webp)
Charles Offenbacher
- 145
- 6
0
votes
1 answer
Windows Server 2008 sending regular TCP DNS requests to Forwarders
Our organization's primary DNS server is a Windows Server 2008 which two Forwarders set. I happened to notice on our firewall that this server is sending out regular TCP requests to the Forwarders in addition to the standard UDP queries. I ran…
![](../../users/profiles/2290.webp)
Andrew S
- 498
- 3
- 7
- 12
0
votes
1 answer
Interpreting ** RABHIT ** logs - Potential Attak - SYN?
I am hosting a web on a Linux - Debian Wheezy x64. Our Web Server is LiteSpeed
using APF-Firewall and DDoS-Defeat
Recently, we are getting logs of below sort, telling us it may be a potential attack (??), however searches allowing to understand…
0
votes
1 answer
What is maximum legitimate SYN traffic rate
Recently my server gets syn flood attack. I use hitcount limitation, but I wonder what is the maximum rate of legitimate syn traffic for a single user IP. The source-IP based rule I use is blow;
iptables -A INPUT -p tcp --syn -m recent --update…
![](../../users/profiles/205016.webp)
afelaho
- 101
- 1
0
votes
0 answers
FTP accesable on LAN, but not to port forwarded WAN on public IP address
I have been dealing with this issue a number of different times now, and each time I work on it I can not determine a solution. I have searched these forums, my firewall forums and worked with a few firewall admins, as well as working with the…
![](../../users/profiles/985351.webp)
VEnArdoP
- 1
0
votes
2 answers
How to detect an intranet SYN flood?
I got this problem: whenever I plug a Linux-server into the intranet, the whole network slows down and then die. Every ping/ssh connection between the intranet yields time out.
I unplugged it, then everything came back to normal. Searching around…
![](../../users/profiles/139166.webp)
EyeQ Tech
- 131
- 1
- 1
- 6
0
votes
2 answers
Continuous RST, ACK flags from the same source
Can anyone help me better understand what is going on here? I keep receiving "broken pipe" errors that say the connection is being reset by the peer. Also, I thought 192.168.114.30 was the client, but from my reading, the original SYN in a handshake…
![](../../users/profiles/980641.webp)
Jonny Hoffman
- 1
- 2
0
votes
1 answer
Apache on Debian : server flooded by a lot of 400 , how to protect from it?
My HTTPS server has been experiencing slowness for a few days, so I consulted the log file (the access.log, I use apache2). And I found out that my server is flooded by a lots of 400 :
If I change the apache config for stop listening the port 443,…
![](../../users/profiles/331088.webp)
spacecodeur
- 107
- 4
0
votes
0 answers
Large number of RST/ACK packages from my Ruby on Rails server
I have a Rails server (ROR) behind my Firewall (FWL). ROR must constantly send information to Digital Ocean Spaces (DOS). Note that ROR is not in Digital Ocean datacenter.
ROR <--> FWL <--> Internet <--> DOS
My firewall has the following rule:
#…
![](../../users/profiles/926665.webp)
Gilberto Martins
- 37
- 5
0
votes
0 answers
netcat no reaction to syn packet crafted with gopacket
I want to do some experiments with TCP packets. Therefore I am using the gopacket (v1.1.19) to craft packets and send them onto an interface.
I have this code for creating a SYN packet and putting it on loopback and sending to 127.0.0.1:8888 where I…
-1
votes
1 answer
Run shell script on the event of "possible SYN flooding"
I'd like to write a script that gets all the stats I need (top IPs, used memory, netstat, etc) at the time I got an SYN flooding, and write to a report file.
So, is it possible to trigger a script/command when the kernel alerts for "possible SYN…
![](../../users/profiles/53856.webp)
Nuno
- 461
- 1
- 5
- 23