Name this attack!
Posted by theone2k1, 01-12-2011, 03:30 PM |
I got APF and DDoS Deflate installed on my Linux server. I have a list of IPs banned, but the IP addresses aren't valid at all. What kind of attack is this?
1795 with 1795 connections
1898 with 1898 connections
2030 with 2030 connections
1902 with 1902 connections
1783 with 1783 connections
1755 with 1755 connections
....
|
Posted by OrbitData, 01-12-2011, 04:01 PM |
What protocol and ports are they hitting?
|
Posted by theone2k1, 01-12-2011, 10:25 PM |
Oh... I am not sure how to check this because I got the information from the emails that the server sent. I do have root access to the server if you can tell me how to find that out. Thanks!
|
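One way to answer the question above about which protocol and ports are being hit, as an added example that is not part of the original thread: it tallies `netstat -ntu` output by protocol, local port and state, and by remote address. The function names `summarize_conns` and `sample_netstat` and the sample rows are constructed for illustration, and the net-tools `netstat -ntu` column layout is assumed.

```shell
#!/bin/sh
# Added example: summarise `netstat -ntu`-style output read from stdin.

summarize_conns() {
    awk '
    # Split "addr:port" at the LAST colon so IPv4-mapped IPv6 rows
    # (::ffff:203.0.113.7:51600) are counted under the IPv4 address.
    function host(s) { sub(/:[^:]*$/, "", s); sub(/^::ffff:/, "", s); return s }
    function port(s) { sub(/^.*:/, "", s); return s }
    $1 ~ /^(tcp|udp)/ {                       # header lines do not match
        state = ($1 ~ /^tcp/) ? $6 : "-"      # UDP state column is usually empty
        svc[$1 " port " port($4) " " state]++ # $4 = local address:port
        src[host($5)]++                       # $5 = remote address:port
    }
    END {
        for (k in svc) print "service", svc[k], k
        for (k in src) print "source", src[k], k
    }' | sort -k1,1 -k2,2nr
}

# Constructed sample (documentation address ranges), not data from the thread.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:80           203.0.113.7:51514       SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.7:51515       SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.23:40022     ESTABLISHED
tcp6       0      0 ::ffff:192.0.2.10:80    ::ffff:203.0.113.7:51600 SYN_RECV
udp        0      0 192.0.2.10:53           198.51.100.23:5353
EOF
}

# On a live server: netstat -ntu | summarize_conns
sample_netstat | summarize_conns
```

Each `service` line reads as count, protocol, local port and state; each `source` line reads as count and remote address.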
Posted by jon-f, 01-12-2011, 11:49 PM |
Looks like you may just have done a wrong ne command.
try
Also you should try installing CSF and configuring connection tracking.
Best settings while under attack are:
CT_LIMIT = 30
CT_PERM = 1
CT_STATES = NEW,ESTABLISHED,SYN_RECV
DROP_LOGGING = 0
Also check dmesg for any dropped packet errors; you may have to tune sysctl.conf for more conntrack tables, wmem, rmem, etc.
|
Posted by theone2k1, 01-13-2011, 03:35 AM |
I have never used CSF firewall. I read something online that I have to remove APF and other IP table firewalls. It does look like a good idea to install CSF. Alright, I will give it a try. Thanks for the info.
|
Posted by nonmal, 01-14-2011, 04:16 AM |
Agree with Jon-F
|
Posted by FastServ, 01-14-2011, 03:52 PM |
CSF comes with a tool remove_apf_bfd.sh -- Just run that to remove APF before you run install.sh
By the way, APF is outdated, sloppy, and poorly maintained. It will end up causing more problems than it solves.
|