Re: [suse-security] Under DDoS Attack...
From: suse@karsites.net
Date: Thu Oct 27 2005 - 10:41:53 CDT
Check this link out.
http://www.grc.com/dos/drdos.htm
If you can identify the IP addresses where the bad packets
are coming from, you may be able to contact your ISP, tell
them what is happening, and ask them to program their
routers to stop the bad packets getting to your part of the
network.
HTH - Keith Roberts
On Thu, 27 Oct 2005, media Formel4 wrote:
> To: suse-security@suse.com
> From: media Formel4 <info@formel4.de>
> Subject: [suse-security] Under DDoS Attack...
>
> Hi list,
>
> right now we're experiencing a (for me) very uncommon DDoS attack against
> one of our webservers. Looking with netstat we find hundreds of
> established connections to our Apache webserver, but nothing in the logs -
> which means the attacker opens up a connection (not only a SYN request as
> in SYN flood attacks) and then blocks the Apache child until it hits
> timeout. This attack comes from thousands of IP numbers (bots?) all over
> the world.
>
> Question is:
>
> - Is it possible with spoofed IP numbers to establish connections to port
> 80? As far as I know you should get stuck after "SYN".
>
> - How can I secure this server and/or stop this attack?
>
> Thanks,
>
> Ralf Koch
>
> --
> Check the headers for your unsubscription address
> For additional commands, e-mail: suse-security-help@suse.com
> Security-related bug reports go to security@suse.de, not here
>
>
>
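
Added example, not part of the original messages: one way to identify the source addresses as suggested in the reply, by counting established connections per remote address in `netstat -ant` output for the web server port. The function names and the sample output (documentation-range addresses) are constructed for illustration.

```shell
#!/bin/sh
# Added example: count ESTABLISHED TCP connections per remote address
# for one local port, reading Linux `netstat -ant` output on stdin.

# Constructed sample output (documentation-range addresses, not real data).
sample_netstat() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:80           198.51.100.7:51234      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:51240      ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.9:40022       ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.44:1030       SYN_RECV
tcp        0      0 192.0.2.10:22           203.0.113.9:40100       ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:51301      ESTABLISHED
tcp6       0      0 ::ffff:192.0.2.10:80    ::ffff:203.0.113.9:4431 ESTABLISHED
EOF
}

# Usage: netstat -ant | established_by_source [port]
# Prints "count address" lines, busiest source first.
established_by_source() {
    port="${1:-80}"
    awk -v port="$port" '
        $1 ~ /^tcp/ && $6 == "ESTABLISHED" {
            lport = $4; sub(/^.*:/, "", lport)   # local port follows the last colon
            if (lport != port) next
            remote = $5
            sub(/:[^:]*$/, "", remote)           # drop the remote port
            sub(/^::ffff:/, "", remote)          # fold IPv4-mapped IPv6 into IPv4
            count[remote]++
        }
        END { for (ip in count) print count[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# Sources holding at least N connections: sources_over N [port]
sources_over() {
    established_by_source "$2" | awk -v min="$1" '$1 >= min { print $2 }'
}

# Demo on the constructed sample; on a live host pipe `netstat -ant` instead.
sample_netstat | established_by_source 80
```

Half-open entries (`SYN_RECV`) are deliberately excluded, since the question concerns fully established connections that hold an Apache child until timeout.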