SYN Flooding
May 13, 2008
Well I've tried Staminus and Awknet and they both just seem to rate-limit if I get like 300MBIT SYN, is there any provider that won't just rate-limit but will actually filter the attack for around $200/mo?
I have been faced with a packet flooding issue.
Quick scenario, I run a few public game servers, and we have had a member go insane.
This member has been using a piece of software to do a simple DDoS attack, and when they perform this attack, it lags everybody out and takes down the individual game server.
While this is occurring, I have been watching with a network analyzer program, and noticed the packets go sky high (from 4.4k to 150k+).
So, I am in need of a quick piece of software that can block flood attacks, or whatever is going on.
My new server performs strangely.
I checked /var/log/messages
It is full of these messages:
possible SYN flooding on port 80. Sending cookies.
kernel: printk: 84 messages suppressed.
kernel: nf_conntrack: table full, dropping packet.
My site is a huge site, thousands of ppl online.
I think I am not being attacked, but the kernel thinks so.
How to resolve this problem?
How can I stop netfilter from kernel?
kernel:@2.6.22.1-32.fc6
2 Xeon 2.8g, 2gb ram, 73gb scsi hd
My website has been under a constant Syn Flood DoS attack for the past few days. However, the attack originates from a single IP address that changes every few hours (Possibly a syn flood script with IP spoofing capabilities).
The Syn Flood attack isn't creating any spike whatsoever in my usage graphs, however, it's still rather annoying. What firewall should I use to combat the DoS attack?
Someone seems to be flooding our HTTP server somehow. We use the latest version of Apache on Windows.
Are there any Windows modules that can filter the total amount of IP connections, or something built into Windows that could filter this?
I made a thread about this in programming as I was trying to figure it out but I ended up tweaking dos deflate a lil and got it working. Tried and tested as well during low bandwidth syn flood. Keep in mind if you are having massive syn attacks then most of it will have to be filtered on the network level. I have filtering from staminus on my server, this is just for the low bandwidth stuff that gets through.
Syn-deflate is just a name I came up with as it is based on dos-deflate, only a few changed features. I don't know how medialayer would feel about me modifying their script this way, I know they got license and copyright on it. Guess I will talk to them about that before any official release,
especially about the csf version.
So I always have used some dos deflate features to monitor dos in my servers, just the netstat command. This one:
Code:
netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
Today, got a syn flood coming through, low bandwidth, etc. Each ip connecting under the tracking limit for csf. So I tweaked the netstat command a lil bit and I was able to see what ips were sending syn and how many times.
Like this:
Code:
netstat -ntu | grep SYN_RECV | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -nr
So I figured it would be very handy to ban ips sending over so many SYN_RECV connections at once. So I took dos deflate and tweaked it a lil. Made this to work with csf. Only problem on csf is there is no unban command, only whitelist, so I just had it do csf -d again on the unban command. This would give an error and would not unban the ip but you really don't need to unban it so soon.
With apf it works perfectly on unbanning. Works just like dos deflate but bans syn flooders not connection flooders. You could even use this along with dos deflate. I am using it along side of csf and the connection tracking feature no problem.
I plan on releasing somewhat of an official version too along with some other tools to monitor and stop dos. So whoever is interested or can offer some advice let me know.
For those who wanna give it a try:
For the CSF version:
To install:
Code:
wget [url]
To uninstall
Code:
wget [url]
For the Apf and Generic Iptables version:
To install
Code:
wget [url]
To uninstall
Code:
wget [url]
uninstall.synd ; ./uninstall.synd
I didn't get to try the apf version out much but have used the csf version all day with no issues.
Note to makers of dos-deflate: I'm not too keen on all this licensing stuff or what I am supposed to do when I modify someone else's script so let me know what I need to do to keep from making anyone mad.
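An added example, not part of the post above and not the syn-deflate or dos-deflate code: a thresholded version of the SYN_RECV count. It strips only the trailing port, so IPv6 and IPv4-mapped peers (which `cut -d: -f1` splits at the first colon) are counted under the right address. The function names `syn_offenders` and `sample_netstat`, the allow-list argument and the sample addresses (documentation ranges) are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `netstat -ntu` output (documentation address ranges).
sample_netstat() {
cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:80           198.51.100.7:40112      SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.7:40113      SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.7:40114      SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.5:51000       SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.5:51001       ESTABLISHED
tcp6       0      0 ::ffff:192.0.2.10:80    ::ffff:198.51.100.7:40115 SYN_RECV
tcp6       0      0 2001:db8::10:80         2001:db8::bad:50000     SYN_RECV
tcp6       0      0 2001:db8::10:80         2001:db8::bad:50001     SYN_RECV
udp        0      0 192.0.2.10:53           203.0.113.5:5353
EOF
}

# Usage: netstat -ntu | syn_offenders LIMIT [ALLOWED_IP ...]
# Prints "count ip" for every remote address holding at least LIMIT half-open
# (SYN_RECV) connections, highest count first. ALLOWED_IPs are never reported.
syn_offenders() {
    limit=$1; shift
    awk -v limit="$limit" -v allow="$*" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) skip[a[i]] = 1 }
        $1 ~ /^tcp/ && $6 == "SYN_RECV" {
            ip = $5
            sub(/:[0-9]+$/, "", ip)     # drop only the port (last field)
            sub(/^::ffff:/, "", ip)     # fold IPv4-mapped IPv6 into IPv4
            if (!(ip in skip)) count[ip]++
        }
        END { for (ip in count) if (count[ip] >= limit) print count[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# Demo on the constructed sample; on a live host pipe `netstat -ntu` instead.
sample_netstat | syn_offenders 2
```

The output is a review list; with spoofed sources the addresses shown may not belong to the real sender, so check it against the allow-list before handing anything to a firewall deny rule.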
server notice : kernel: possible SYN flooding on port 110. Sending cookies. and down.
how to disable flood on port 110, flood port 443!
EX : disable telnet on port : 21,445,110,53
how to disable telnet on port 21,445,110, with cmd (telnet ip(host) port)