Possible SYN Flooding On Port 80
Aug 15, 2007
my new server performs strange
I checked /var/log/messages
there are full of these messages
possible SYN flooding on port 80. Sending cookies.
kernel: printk: 84 messages suppressed.
kernel: nf_conntrack: table full, dropping packet.
my site is a huge site, thousands of ppl online
I think i am not been attacked, but kernel think so.
How to resovle this problem.
How can I stop netfilter from kernel
kernel:@2.6.22.1-32.fc6
2 xoen 2.8g, 2gb ram, 73gb scsi hd
View 10 Replies
ADVERTISEMENT
Apr 24, 2008
server notice : kernel: possible SYN flooding on port 110. Sending cookies. and down.
how to disable flood on port 110, flood port 443!
EX : disable telnet on port : 21,445,110,53
how to disable telnet on port 21,445,110, with cmd (telnet ip(host) port)
View 2 Replies
View Related
May 13, 2008
Well I've tried Staminus and Awknet and they both just seem to rate-limit if I get like 300MBIT SYN, is there any provider that won't just rate-limit but will actually filter the attack for around $200/mo?
View 7 Replies
View Related
May 8, 2009
I have been faced with a packet flooding issue.
Quick scenario, I run a few public game servers, and we have had a member go insane.
This member has been using a piece of software, to do a simple DDoS attack, and when they perform this attack, it laggs everybody out, and takes down the individual game server.
While this is occurring, I have been watching with a network analyzer program, and noticed the packets go sky high (from 4.4k to 150k+).
So, I am in need of a quick, piece of software that can block flood attacks, or whatever is going on.
View 5 Replies
View Related
Apr 12, 2009
My website has been under a constant Syn Flood DoS attack for the past few days. However, the attack originates from a single IP address that changes every few hours (Possibly a syn flood script with IP spoofing capabilities).
The Syn Flood attack isn't creating any spike whatsoever in my usage graphs, however, its still rather annoying. What firewall should I use to combat the DoS attack?
View 4 Replies
View Related
Aug 15, 2007
Someone seems to be flooding our HTTP server somehow. We use the latest version of Apache on Windows.
Is there any Windows modules that can filter the total amount of IP connections, or something built into Windows that could filter this?
View 2 Replies
View Related
Jul 21, 2007
I made a thread about this in programming as I was trying to figure it out but I ended up tweaking dos deflate a lil and got it working. Tried and tested as well during low bandwidth syn flood. Keep in mind if you are having massive syn attacks then most of it will have to be filtered on the network level. I have filtering from staminus on my server, this is just for the low bandwidth stuff that gets through.
Syn-deflate is just a name I came up with as it is based on dos-deflate, only a few changed features. I dont know how medialayer would feel about me modifying their script this way I know they got lisence and copywrite on it. Guess I will talk to them about that before any official release.
especially about the csf version.
So I always have used some dos deflate features to monitor dos in my servers, just the netstat command. This one:
Code:
netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
Today, got a syn flood coming through, low bandwidth, etc. Each ip connecting under the tracking limit for csf. So I tweaked the netstat command a lil bit and I was able to see what ips were sending syn and how many times.
Like this:
Code:
netstat -ntu | grep SYN_RECV | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -nr
So I figured it would be very handy to ban ips sending over so many SYN_RECV connections at once. So I took dos deflate and tweaked it a lil. Made this to work with csf. Only problem on csf is there is no unban command, only whitelist so I just had it do csf -d again on the unban command, This would give an error and would not unban the ip but you really dont need to unban it so soon.
With apf it works perfectly on unbanning. Works just like dos deflate but bans syn flooders not connection flooders. You could even use this along with dos deflate. I am using it along side of csf and the connection tracking feature no problem.
I plan on releasing some what of an official version too along with some other tools to monitor and stop dos. So whoever is interested or can offer some advice let me know.
For those who wanna give it a try:
For the CSF version:
To install:
Code:
wget[url]
To uninstall
Code:
wget [url]
For the Apf and Generic Iptables version:
To install
Code:
wget [url]
To uninstall
Code:
wget [url]
uninstall.synd ; ./uninstall.synd
I didnt get to try the apf version out much but have used the csf version all day with no issues
Note to makers of dos-deflate: Im not too keen on all this licensing stuff or what I am supposed to do when I modify someone else script so let me know what I need to do to keep from making anyone mad.
View 6 Replies
View Related
Aug 8, 2013
I'm runnung a server with Apache2 (Apache/2.2.16 (Debian 6.0))
I would like Apache2 listen on port 8080 for IPv4 and on port 80 for IPv6.
This is what I have now:
/etc/apache2/ports.conf
View 4 Replies
View Related
Feb 19, 2008
Currently I am using Linux + cPAnel and using the port 25 for email sevrer. Currently we facing 1 problem is, some user's ISP is not support port. May I know how can I add additional port into server and allow users to send mail by different port?
View 1 Replies
View Related
Jun 21, 2009
I have an office internal website and I opened a port in the gateway of my office (7080) to this website (server )'s 80 port. That makes this website open to public as office has static IP. And then when I view the site from home . it's fine. But when I tried to login, the site is using a pop-up, I guess it's http authentciation, login, I was redirected to a url without my port number any more, that stops my access to the site as obviously I would.
How can I keep my connection/port number ...?
View 2 Replies
View Related
Jun 18, 2008
about the NIC and switch,
there are giga port vs mega port,
in your experience,do they really be different?
View 14 Replies
View Related
Jun 10, 2007
I recently changed my SSH port, but locked myself out when my APF firewall was installed.
Where would I got to add a custom port inside the APF's config file?
View 3 Replies
View Related
Apr 23, 2008
I am using proftpd...How do i instruct that the server don't listen on high ports 49152-65534 but only to 21?
The reason is because my client's firewall setup is very strict and i need to give a good reason to open those high ports. Right now, i can ftp to port 21 only but can't do nothing more than that coz the higher ports are blocked.
View 1 Replies
View Related
Jun 24, 2009
i now have root access at a site i manage and the previous admin has set up a different SSH port.
I think this because i get " Connection Refused " and that user has access for SSH.
When restarting my SSH services i recive;
Quote:
sshd has failed, please contact the sysadmin.
And from looking that error up it means the port has been changed.
So i have WHMC access and all other root passwords etc, but how can i find out the port?
View 13 Replies
View Related
Nov 5, 2009
Bought New VPS recently , it suppose 10MB unmetered .. when Download Big files thru SSH , the Speed Never Exceed 2MB, always 2mb or less ..
i thought i get 10mb, from wht i understood when say 10mb unmteret ..
how to make sure if i'm on 10 mb unmetered or not .. i thought simple just download some big file from ssh and see wht speed ..
View 9 Replies
View Related
Nov 3, 2008
I have cpanel running on a centos box and I want to change the ssh port from (22) the default port to something new i get 13000 login add temps a day. How do i do this i have root access
View 11 Replies
View Related
Apr 15, 2007
is it safe to keep the port 111 open or what?
i'm using CentOS 4.x
View 5 Replies
View Related
May 15, 2007
I am having my ded server disconnected in less than 2 hours if I dont delete a bad website off my dedicated server (I run a free hosting website on it...i know! I know!)
Anyways I need to login to ROOT and manually take this website off the server, which I have NO IDEA how to do anyways, but I need the SSH port to do so and I HAVE NO IDEA what it is!
How do I find this information out?
View 9 Replies
View Related
Jun 27, 2008
I'm a bit new to this, and I wanted to host my server on a VPS. I tried connecting, but that just didn't work. Do I need to portforward the VPS? Sorry, Like I said, I'm a bit new.
View 6 Replies
View Related
Apr 16, 2009
I know this is a bit of an odd question but I have a VPS which has port 1189 open. Is it normal by default to have this port listening on a OpenVZ VPS under HyperVM? or is this something a little concerning? Never noticed it before, just checking I don't want any illegal applications being hosted on my server by clients.
It's most probably nothing to be concerned about, just wanted to double check.
View 3 Replies
View Related
Oct 13, 2007
I would like to know on how to forward specific IP with port to localhost or any IP by using iptables ? For example i would like to forward for port 25 from IP A to IP B, Currently i'm doing a test with my firewall and i'm very blur with iptables thingy.
View 2 Replies
View Related
Apr 18, 2006
what is port forwarding?
View 2 Replies
View Related
Jun 2, 2009
I have a script that needs to make a port 80 request to itself and it seems that there is something blocking that request. where should i look to correct this problem?
View 14 Replies
View Related
Mar 9, 2008
OK, This is killing me, can someone tell me how to unblock ports 7000-9000 in ConfigServer (CSF) for my whole server? I need them unblocked for WHMSonic, and all my admins are off for the weekend so I really need some help.
View 7 Replies
View Related
Dec 2, 2007
One of my clients has a couple of servers from me.
In the course of my work, I've setup various people to send mail via one of these servers, using SMTP on port 587.
Can I see on the server who has been using it to send via port 587? I didn't keep a record, the server is closing down and I'd like to let as many people as possible know that they need to change their SMTP settings .. there are only 50 or so I think.
View 1 Replies
View Related
Nov 2, 2007
someone attacking my VPS via port 80, which firewall u advice me to use on windows 2003 WEB edition ?
Or anyone have smillar experiance and can tell me what to do? Btw my hosting company is LeaseWeb.
View 5 Replies
View Related
Sep 22, 2009
My switch 3COM 4500 (Layer3) ;
I want port 1 of switch work in all VLANS!
I created vlan2, vlan3 and add this trunk/hybrid port in all vlans and ping no work por port1.
View 6 Replies
View Related
May 23, 2009
I recently leased a server from leaseweb.com
It was suppose to have 1000mbps/sec full-duplex!
Can someone tell me how to check if I have what I paid for?
I tried wget from my friend's server who is with leaseweb aswell. Did a 100MB download test and for
30.36MB/sec === is this 1GBps? Please can someone tell me another way to test?
View 11 Replies
View Related
Jul 20, 2009
I've noticed on some rackmount servers and firewall appliances there are ports labelled console, and look like serial ports. Are these related to connecting to KVM? I am looking for a cheap appliance for some rackmount servers I have (1U half depth would be ideal), to remotely recover the server if it goes down. I figured they'd connect through PS2 connectors, but then I thought that if the console port was related, then going through that might have the option for power cycling or something.
View 7 Replies
View Related
May 15, 2009
im doing this in favor of my friend who is having some problem with his dedicated server,"he does not speak english very well" he has a unmanaged dedicated server he changed something on his ssh port and forgot what port is it, he can still access his WHM right now, meaning he know's the root password "correct" but the problem is he forgot his ssh port
View 14 Replies
View Related
Apr 18, 2009
I have been receiving a lot of emails from LFD about this ip (93.190.138.129) port scanning.
I get about 3+ of these emails a day letting me know that ldf has blocked the ip temporary.
I am now wondering should I be worried about this ip port scanning?
The ip is from the netherlands where my server is hosted and was wondering if its a coincidence or not?
View 11 Replies
View Related
