Re: [cobalt-security] SYN attacks killing me! Please HELP!
- Subject: Re: [cobalt-security] SYN attacks killing me! Please HELP!
- From: "Ing. Ernesto Pérez Estévez" <ernesto@xxxxxxxxxxx>
- Date: Mon, 22 Jul 2002 20:47:32 -0500 (ECT)
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
> Does not seem to be the kernel. I mean not the Cobalt kernel. From
> what I have read, the fix to the kernel from Apache.org stopped the
> people from taking control of your server. It does not stop what you
> are getting. The Cobalt kernel has incorporated the changes to the
> current kernel. If you did the update you have the latest fix by
> Apache.org.
> Read this
> http://www.extremetech.com/article2/0,3973,302776,00.asp
> It appears the fix to apache just keeps the person from getting root
> access, not from doing the DOS.
Sorry I missed this part in my first email:
Yes, I'm colocated, and the colo company asked me to hand them the IP
address of the attacker in order to block them. Man.. I can do that with
ipchains.. in fact I've done that; it's just that after a few hours or days
the attacker moves to a different IP and the problem restarts. I'll ask them
to consider passing only valid SYNs, as suggested on this list.
Well.. apache itself is not the problem.. I don't think it is. For these
reasons:
1- I've been logged in to the server when the attacks come; attacks are mostly
on port 21 and sometimes on port 80 (anyway I'll take care of port 81 as
suggested here too, thanks)
2- After the system reboots, I check /var/log/kernel.log and I get lots
of: Possible syn flooding on port 21, sending cookies; after 10 or more
lines like this, no more messages.
That's why I think it's the old kernel... BTW, the colo told us they
have had a very busy week rebooting Cobalts all around the facility,
for the same reason.
Well.. actually I can't think what else to do to stay macho man and not
ask for a reboot every X time.
Waiting for more suggestions
Ernesto
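
The log check described in point 2, as an added example that is not part of the original message: a Python script that counts the kernel's SYN-flood warnings per port and records the first and last time each was seen, so the last warning before a hang can be lined up with the reboot. The sample log lines, the hostname and the year are constructed; the path /var/log/kernel.log is the one named in the post.

```python
import re
from datetime import datetime

# Kernel warning as quoted in the post; tolerant of case and of "." or "," before "sending".
SYN_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+\S+\s+kernel:.*?"
    r"possible syn flooding on port (?P<port>\d+)[.,]?\s*sending cookies",
    re.IGNORECASE,
)

# Constructed sample in classic syslog layout (hostname "www" and all times are made up).
SAMPLE_LOG = """\
Jul 22 19:58:41 www kernel: possible SYN flooding on port 21. Sending cookies.
Jul 22 19:59:43 www kernel: possible SYN flooding on port 21. Sending cookies.
Jul 22 20:00:12 www ftpd[1234]: connection from 192.0.2.10
Jul 22 20:00:45 www kernel: possible SYN flooding on port 80. Sending cookies.
Jul 22 20:01:47 www kernel: possible SYN flooding on port 21. Sending cookies.
"""

def summarize_syn_warnings(lines, year=2002):
    """Return {port: {"count", "first", "last"}} for SYN-flood warnings.

    Syslog timestamps carry no year, so the caller supplies one (assumption).
    """
    summary = {}
    for line in lines:
        m = SYN_RE.search(line)
        if not m:
            continue
        stamp = " ".join(m.group("ts").split())  # collapse "Jul  2" padding
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        entry = summary.setdefault(int(m.group("port")), {"count": 0, "first": ts, "last": ts})
        entry["count"] += 1
        entry["first"] = min(entry["first"], ts)
        entry["last"] = max(entry["last"], ts)
    return summary

def report(summary):
    """Format one line per port, busiest port first."""
    rows = sorted(summary.items(), key=lambda kv: -kv[1]["count"])
    return [
        f"port {port}: {e['count']} warnings, first {e['first']:%b %d %H:%M:%S}, "
        f"last {e['last']:%b %d %H:%M:%S}"
        for port, e in rows
    ]

if __name__ == "__main__":
    # Swap SAMPLE_LOG for open("/var/log/kernel.log") to run against the real file.
    for row in report(summarize_syn_warnings(SAMPLE_LOG.splitlines())):
        print(row)
```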