

Name this attack!




Posted by theone2k1, 01-12-2011, 03:30 PM
I got apf and ddos deflate installed on my Linux server. I have a list of IPs banned, but the IP addresses aren't valid at all. What kind of attack is this??

1795 with 1795 connections
1898 with 1898 connections
2030 with 2030 connections
1902 with 1902 connections
1783 with 1783 connections
1755 with 1755 connections
....

Posted by OrbitData, 01-12-2011, 04:01 PM
What protocol and ports are they hitting?

Posted by theone2k1, 01-12-2011, 10:25 PM
Oh... I am not sure how to check this because I got the information from the emails that the server sent. I do have root access to the server if you can tell me how to find that out. Thanks!

Posted by jon-f, 01-12-2011, 11:49 PM
looks like you may just have done a wrong ne command. try

Also you should try installing CSF and configuring connection tracking. Best settings while under attack are:

CT_LIMIT = 30
CT_PERM = 1
CT_STATES = NEW,ESTABLISHED,SYN_RECV
DROP_LOGGING = 0

Also check dmesg for any dropped packet errors; you may have to tune sysctl.conf for more conntrack tables, wmem, rmem, etc.

Posted by theone2k1, 01-13-2011, 03:35 AM
I have never used CSF firewall. I read something online that I have to remove APF and other IP table firewalls. It does look like a good idea to install CSF. Alright, I will give it a try. Thanks for the info.

Posted by nonmal, 01-14-2011, 04:16 AM
Agree with Jon-F

Posted by FastServ, 01-14-2011, 03:52 PM
CSF comes with a tool, remove_apf_bfd.sh -- just run that to remove APF before you run install.sh. By the way, APF is out-dated, sloppy, and poorly maintained. It will end up causing more problems than it solves.
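
An added example, not part of the original thread, for the question of which protocol and ports are being hit: it tallies `netstat -ntu` output by protocol, local port and state, and by remote address. It assumes the net-tools `netstat -ntu` column layout; the function names are hypothetical and the sample rows are constructed from documentation address ranges.

```shell
#!/bin/sh
# Added example: summarise `netstat -ntu` style output read from stdin.

# Constructed sample in netstat -ntu layout (documentation addresses only).
sample_netstat() {
cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:80           198.51.100.7:51234      SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.7:51235      SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.7:51236      ESTABLISHED
tcp        0      0 192.0.2.10:22           203.0.113.5:40022       ESTABLISHED
tcp6       0      0 2001:db8::10:80         2001:db8::beef:60000    TIME_WAIT
udp        0      0 192.0.2.10:53           198.51.100.9:5353
EOF
}

# Connections per protocol, local port and state (which service is targeted).
ports_hit() {
    awk '$1 ~ /^(tcp|udp)/ {
        port = $4; sub(/.*:/, "", port)        # text after the last colon
        state = ($6 == "") ? "-" : $6          # UDP rows carry no state
        n[$1 " " port " " state]++
    }
    END { for (k in n) print n[k], k }' | LC_ALL=C sort -k1,1nr -k2
}

# Connections per remote address. Only the trailing :port is stripped, so
# IPv6 addresses stay whole instead of being cut at their first colon.
per_remote_ip() {
    awk '$1 ~ /^(tcp|udp)/ {
        ip = $5; sub(/:[^:]*$/, "", ip)
        n[ip]++
    }
    END { for (k in n) print n[k], k }' | LC_ALL=C sort -k1,1nr -k2
}

# Demonstration on the constructed sample.
sample_netstat | ports_hit
sample_netstat | per_remote_ip
```

On a live server, run `netstat -ntu | ports_hit` and `netstat -ntu | per_remote_ip` as root instead of using the sample.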


