Re: HELP Under Attack
From: Alexander Clouter (alex_at_digriz.junk-this.org.uk)
Date: 08/24/04
- Next message: Peter Hille: "Re: MySQL Security Risk?"
- Previous message: Jem Berkes: "Re: HELP Under Attack"
- In reply to: Jim G.: "HELP Under Attack"
- Next in thread: Jim G.: "Re: HELP Under Attack"
- Reply: Jim G.: "Re: HELP Under Attack"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 23 Aug 2004 18:02:24 -0500
On 2004-08-23, Jim G. <jgrago@NO_SPAM-twcny.rr.com> wrote:
> How do I stop a DoS SYN attack? My ISP has already stopped UDP connections
> from hitting my servers, but I still have 225,000 connections to my 5
> servers from a SYN attack.
>
hmmm the signs of preparation.... :) As if I could talk anyway.

The thing is, to 'acquire' a DoS attack you must have annoyed someone or been
a high profile company....only curious why they would target you.

As for fixes, first of all drop all traffic from countries you expect no
traffic from (or rather probably better only permit the ones you do business
with through)[1].

As for SYN-Cookies, make sure you have stacks of memory available and a
couple of CPU cycles to spare...

# echo 1 > /proc/sys/net/ipv4/tcp_syncookies

and that's it....30 seconds of Google searching would have told you this.

Another thing you should try is using Ethereal[2] to see if the script kiddy
has made the common mistake of having something 'static' in the DoS attack
(usually the source port or sequence number). With this you can filter
upstream by the ISP or yourself.

Have fun and let me know how you get along ;)

Cheers

Alex

[1] http://ip.ludost.net/
[2] http://www.ethereal.com/
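
The static-field check suggested in the reply above, as an added example that is not part of the original post: it reads tcpdump-style text lines (an assumed capture format; the post names Ethereal) and reports which header fields are nearly constant across inbound SYNs. It goes slightly beyond the post by also checking window size; the sample lines, addresses, 90% threshold and function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample (documentation address ranges): 19 spoofed-looking SYNs that
# share a source port and window, one ordinary client SYN, one outbound SYN-ACK.
SAMPLE = "\n".join(
    [f"18:02:24.{i:06d} IP 198.51.100.{i}.1234 > 192.0.2.10.80: "
     f"Flags [S], seq {1000003 * i}, win 512, length 0" for i in range(1, 20)]
    + ["18:02:25.000001 IP 203.0.113.9.51514 > 192.0.2.10.80: "
       "Flags [S], seq 2886794753, win 64240, options [mss 1460], length 0",
       "18:02:25.000002 IP 192.0.2.10.80 > 203.0.113.9.51514: "
       "Flags [S.], seq 1, ack 2886794754, win 65535, length 0"]
)

# Matches pure SYNs only: "Flags [S]," excludes SYN-ACK ("[S.]") and other flags.
SYN_LINE = re.compile(
    r"IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): Flags \[S\], "
    r"seq (?P<seq>\d+), win (?P<win>\d+)"
)

def parse_syns(text):
    """Return a dict of header fields for every pure-SYN line; skip the rest."""
    return [m.groupdict() for m in map(SYN_LINE.search, text.splitlines()) if m]

def static_fields(packets, fields=("sport", "seq", "win"), threshold=0.9, min_packets=10):
    """Map field -> (dominant value, share) where one value covers >= threshold."""
    if len(packets) < min_packets:   # too few packets to call anything "static"
        return {}
    found = {}
    for field in fields:
        value, count = Counter(p[field] for p in packets).most_common(1)[0]
        share = count / len(packets)
        if share >= threshold:
            found[field] = (value, share)
    return found

if __name__ == "__main__":
    syns = parse_syns(SAMPLE)
    for field, (value, share) in static_fields(syns).items():
        print(f"{field} = {value} in {share:.0%} of {len(syns)} SYNs")
```

A field reported here is a candidate for the upstream filter the reply mentions; check that legitimate clients do not share the value before dropping on it.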