SYN_RECV DDoS attack on CentOS Server

For the last few days, a server has been getting too many SYN_RECV attacks.
 
I tried to stop it with APF antidos and mod_evasive.
 
It stopped the attack. But today it started again, maybe with more strength: there were more than 1500 SYN_RECV requests, and Apache stopped working.
 
Today I banned a few attacker IPs with the APF firewall.
 
netstat can show the number of connections each IP has. Banning IPs with too many SYN_RECV connections will help if the attack is not spoofed.
 

# netstat -n -p | grep SYN_REC | awk '{print $5}' | awk -F: '{print $1}' | sort | uniq -c | sort -n

 
To block an IP with APF Firewall (or with CSF, if that is the firewall in use), run:
 
# apf -d IPADDRESS
# csf -d IPADDRESS
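
The per-address count described above, as an added example that is not part of the original post: it reads `netstat -n` output, counts SYN_RECV entries per source, and strips only the trailing port so IPv6 and IPv4-mapped addresses are not mangled by splitting on the first colon. The function names, the default threshold of 20 and the sample lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: count half-open (SYN_RECV) connections per source address.
# Live use (threshold is an assumed value): netstat -n | syn_recv_offenders 20

# Print "COUNT ADDRESS" for every source with at least $1 SYN_RECV entries.
syn_recv_offenders() {
    awk -v min="${1:-20}" '
        $6 == "SYN_RECV" {
            addr = $5
            sub(/:[0-9]+$/, "", addr)   # drop only the trailing :port (IPv6-safe)
            sub(/^::ffff:/, "", addr)   # unwrap IPv4-mapped IPv6 addresses
            n[addr]++
        }
        END { for (a in n) if (n[a] >= min) print n[a], a }
    ' | sort -rn
}

# Print "TOTAL DISTINCT": all SYN_RECV entries and the number of distinct sources.
# Many sources with one entry each means per-IP bans will not help (likely spoofed).
syn_recv_summary() {
    awk '
        $6 == "SYN_RECV" {
            addr = $5
            sub(/:[0-9]+$/, "", addr)
            sub(/^::ffff:/, "", addr)
            if (!(addr in seen)) { seen[addr] = 1; distinct++ }
            total++
        }
        END { print total + 0, distinct + 0 }
    '
}

# Constructed sample in `netstat -n` format, using documentation address ranges.
sample_netstat() {
    cat <<'EOF'
tcp        0      0 192.0.2.10:80           198.51.100.7:40112      SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.7:40113      SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.7:40114      SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.7:40200      ESTABLISHED
tcp6       0      0 ::ffff:192.0.2.10:80    ::ffff:203.0.113.9:51234 SYN_RECV
tcp6       0      0 ::ffff:192.0.2.10:80    ::ffff:203.0.113.9:51235 SYN_RECV
tcp6       0      0 2001:db8::1:80          2001:db8::5:51000       SYN_RECV
EOF
}

sample_netstat | syn_recv_offenders 2
```

Addresses it prints are the candidates for `apf -d` or `csf -d`; check the summary first, since a high total spread across many distinct sources points to a spoofed flood.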
 
 
