|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Re: DOS attack on my webserver!!!
From: Gary Alexander (gary
ROOT.ORG.ZA)Date: Fri Oct 13 2000 - 02:00:59 CDT
- Next message: Henry Luciano: "Re: Newbie: what does this mean?"
- Previous message: Gary Alexander: "Re: nmap"
- In reply to: swamy: "DOS attack on my webserver!!!"
- Next in thread: Stephen Kreusch: "Re: DOS attack on my webserver!!!"
- Reply: Gary Alexander: "Re: DOS attack on my webserver!!!"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Thu, 12 Oct 2000, swamy wrote:
> yesterday, i couldn't give any services for genuine users of
> my webserver. I found nearly some 400 tcp "syn-recived" and some 100
> "established" tcp port 80 connections from a single host!
This sounds like a syn flood attack. It would be pointless to firewall
out the address because it can be spoofed. The most effective way to stop
this would be to recompile your kernel with TCP_SYN_COOKIE support.
This will fix the problem with syn flooding.
> Can some one tell me how to stop these kind of attacks or atleast
> how to make my server get back to it's original status !!
Try rebooting the box, you will need to anyway to run the freshly
compiled kernel.
>
> thanx in advance,
>
> swamy
Gary
-- "There are more things in heaven and earth, Horatio, than are dreamed of in your philosophies." - Hamlet8:56am up 5 days, 23:39, 2 users, load average: 0.08, 0.07, 0.11
- Next message: Henry Luciano: "Re: Newbie: what does this mean?"
- Previous message: Gary Alexander: "Re: nmap"
- In reply to: swamy: "DOS attack on my webserver!!!"
- Next in thread: Stephen Kreusch: "Re: DOS attack on my webserver!!!"
- Reply: Gary Alexander: "Re: DOS attack on my webserver!!!"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]