Syn_recv

Discussion in 'Server Operation' started by SamTzu, Apr 19, 2010.

  1. SamTzu

    SamTzu Member HowtoForge Supporter

    Just got syn flooded. :mad:
    There are about 200 of these coming from Egypt. And the server got sloowwww.
    It's cumbersome to do iptables -A INPUT -s 196.218.51.134 -j DROP on all of the IPs.

    Any ideas on how to best handle these types of situations?


    tcp 0 0 79.134.125.169:80 196.218.51.134:2535 SYN_RECV -
    tcp 0 0 79.134.125.169:80 196.218.51.134:1296 SYN_RECV -
    tcp 0 0 79.134.125.169:80 196.218.51.134:2130 SYN_RECV -
    tcp 0 0 79.134.125.169:80 196.218.51.134:4306 SYN_RECV -
    tcp 0 0 79.134.125.169:80 196.218.51.134:1984 SYN_RECV -
    tcp 0 0 79.134.125.169:80 196.218.51.134:2536 SYN_RECV -
     
  2. falko

    falko Super Moderator ISPConfig Developer

  3. SamTzu

    SamTzu Member HowtoForge Supporter

    It was only from 2 different IP addresses, so it was easy to block with the above command. But since this kind of stuff seems to be growing more common, we should find a somewhat more permanent solution.
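
An added example, not written by any poster in this thread: it tallies SYN_RECV entries per source address in netstat output and prints the iptables DROP command from the first post for every source at or above a threshold. The function names, the threshold and the sample lines (documentation-range addresses) are constructed for illustration.

```shell
#!/bin/sh
# Tally half-open (SYN_RECV) connections per remote IPv4 address from
# `netstat -nt`-style output and print block rules for the heavy sources.

# Constructed sample in the same column layout as the output in the first
# post; addresses come from the RFC 5737 documentation ranges.
sample_netstat() {
cat <<'EOF'
tcp 0 0 192.0.2.10:80 198.51.100.7:2535 SYN_RECV -
tcp 0 0 192.0.2.10:80 198.51.100.7:1296 SYN_RECV -
tcp 0 0 192.0.2.10:80 203.0.113.9:4306 SYN_RECV -
tcp 0 0 192.0.2.10:80 198.51.100.7:2130 SYN_RECV -
tcp 0 0 192.0.2.10:80 203.0.113.9:1984 SYN_RECV -
tcp 0 0 192.0.2.10:80 198.51.100.20:5120 SYN_RECV -
tcp 0 0 192.0.2.10:80 198.51.100.7:2536 SYN_RECV -
tcp 0 0 192.0.2.10:80 203.0.113.9:2001 SYN_RECV -
tcp 0 0 192.0.2.10:80 198.51.100.7:3999 ESTABLISHED -
EOF
}

# syn_recv_sources THRESHOLD
# Reads netstat lines on stdin, prints "count ip" for every IPv4 source with
# at least THRESHOLD half-open connections, busiest first.
syn_recv_sources() {
    awk -v min="$1" '
        $1 ~ /^tcp/ && $6 == "SYN_RECV" {
            ip = $5
            sub(/:[0-9]+$/, "", ip)                 # strip the remote port
            # Count only well-formed IPv4 addresses; anything else is skipped.
            if (ip ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) n[ip]++
        }
        END { for (ip in n) if (n[ip] >= min) print n[ip], ip }
    ' | sort -rn
}

# drop_rules THRESHOLD
# Prints the rules instead of running them, so they can be reviewed first:
# SYN flood sources can be spoofed, in which case per-IP blocking does not
# help and the kernel's SYN cookies (net.ipv4.tcp_syncookies) are the defence.
drop_rules() {
    syn_recv_sources "$1" | while read -r count ip; do
        printf 'iptables -A INPUT -s %s -j DROP  # %s half-open\n' "$ip" "$count"
    done
}

sample_netstat | drop_rules 3
```

On a live server the input would be `netstat -nt | drop_rules 50`, with the threshold set well above what normal traffic to the site produces.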
     
