Wednesday, February 8, 2012

Syn Attack

#SYN ATTACK :--
***********************************************
If you are under a SYN flood attack, the connection list would look like this:

tcp        0      0 12.34.56.78:80        211.48.6.244:1048         SYN_RECV      
tcp        0      0 12.34.56.78:80        128.223.93.135:1167     SYN_RECV      
tcp        0      0 12.34.56.78:80        194.15.197.170:1192     SYN_RECV      
tcp        0      0 12.34.56.78:80        199.155.53.109:1039     SYN_RECV      
tcp        0      0 12.34.56.78:80        4.168.188.28:1048         SYN_RECV  
    
when you run:  netstat -an | grep :80 | more
but with several hundred such lines, not five :)
Assuming your kernel was built with syncookie support, type the following as root.
echo 1 > /proc/sys/net/ipv4/tcp_syncookies  
If syncookie support is not built into your kernel, there isn't much you can do other than build a new kernel and reboot into it, or wait out the attack.
Some data centers can help with this as well.
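
An added example (not part of the original post): shell helpers that count SYN_RECV entries by local port, which is stricter than grep :80 because that also matches remote ports and :8080, and that report the tcp_syncookies setting. The sample lines, function names and threshold argument are constructed for illustration.

```shell
# Added example: count half-open (SYN_RECV) connections per local port in
# netstat -an output and report the tcp_syncookies setting.
# Constructed sample input, same column layout as the listing above.
SAMPLE='tcp        0      0 12.34.56.78:80        211.48.6.244:1048       SYN_RECV
tcp        0      0 12.34.56.78:80        128.223.93.135:1167     SYN_RECV
tcp        0      0 12.34.56.78:80        194.15.197.170:1192     SYN_RECV
tcp        0      0 12.34.56.78:80        10.0.0.5:40112          ESTABLISHED
tcp        0      0 12.34.56.78:22        10.0.0.9:51514          SYN_RECV
tcp        0      0 0.0.0.0:80            0.0.0.0:*               LISTEN'

# syn_recv_count PORT: read netstat lines on stdin and print how many are
# in SYN_RECV with a local address ending in :PORT.
syn_recv_count() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 == "SYN_RECV" {
            n = split($4, a, ":")      # text after the last ":" is the port
            if (a[n] == port) c++
        }
        END { print c + 0 }'
}

# syncookies_state [FILE]: print enabled, disabled or unsupported.
# The /proc entry is absent when the kernel lacks syncookie support.
syncookies_state() {
    f="${1:-/proc/sys/net/ipv4/tcp_syncookies}"
    [ -r "$f" ] || { echo unsupported; return 0; }
    case "$(cat "$f")" in
        0) echo disabled ;;
        *) echo enabled ;;
    esac
}

# flood_suspected PORT THRESHOLD: succeed when the count on stdin exceeds THRESHOLD.
flood_suspected() {
    [ "$(syn_recv_count "$1")" -gt "$2" ]
}

# On a live host, replace the printf with: netstat -an
echo "SYN_RECV on :80 -> $(printf '%s\n' "$SAMPLE" | syn_recv_count 80)"
echo "tcp_syncookies  -> $(syncookies_state)"
```

On a live host, something like netstat -an | flood_suspected 80 200 fits the "several hundred" figure above; the 200 is an assumed threshold to tune per server.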
----------------------------------------------------------------------------