Questions tagged [syn]
44 questions
0 votes, 1 answer
Fallout from apparent DoS attack - httpd trying to contact attacker
I have a server running multiple web hosts (all internally managed) which was the subject of what looked like a DoS attack last night. I blocked the attacking IP in IPTABLES for both input and output chains. That seemed to solve the problem and I…
0 votes, 2 answers
Count number of incoming connection on a port - Linux
We have a server which listens on port X. The server has a large number of clients, from time to time the process gets hung, I am seeing SYN flooding messages in the log. I have been trying to tune relevant tcp configuration params.
I would like a…

Sridhar Chidurala
0 votes, 0 answers
"Filtered" port when accessing server
I'm having periodic trouble accessing one of my DigitalOcean servers from Azure machines.
I have isolated a test that - I believe - demonstrates the issue and captured a tcpdump from the server for both the working example and the not working…

Charles Offenbacher
0 votes, 1 answer
Windows Server 2008 sending regular TCP DNS requests to Forwarders
Our organization's primary DNS server is a Windows Server 2008 with two Forwarders set. I happened to notice on our firewall that this server is sending out regular TCP requests to the Forwarders in addition to the standard UDP queries. I ran…

Andrew S
0 votes, 1 answer
Interpreting ** RABHIT ** logs - Potential Attack - SYN?
I am hosting a web on a Linux - Debian Wheezy x64. Our Web Server is LiteSpeed
using APF-Firewall and DDoS-Defeat
Recently, we are getting logs of below sort, telling us it may be a potential attack (??), however searches allowing to understand…
0 votes, 1 answer
What is maximum legitimate SYN traffic rate
Recently my server gets syn flood attack. I use hitcount limitation, but I wonder what is the maximum rate of legitimate syn traffic for a single user IP. The source-IP based rule I use is below;
iptables -A INPUT -p tcp --syn -m recent --update…

afelaho
0 votes, 0 answers
Drop first SYN packet with nftables
How can I drop the first SYN packet (or the first SYN/ACK reply) received by my server?
I have a test VPS set up to capture and analyze malicious traffic directed to non-standard TCP ports, for example attacks on sshd running on a high port. Using…

Stewart
0 votes, 1 answer
How do I block outgoing SYN packets on my Ubuntu 18 server?
I have an Ubuntu 18 server which is being used as a VPN server (V2RAY). My VPS provider (OVH) has sent me this abuse report:
2022.10.22 12:40:47 CEST 51.91.11.***:53258 8.8.8.8:443 TCP SYN 60 ATTACK:TCP_SYN
2022.10.22 12:40:47 CEST…

Mr Pro
0 votes, 0 answers
FTP accessible on LAN, but not to port forwarded WAN on public IP address
I have been dealing with this issue a number of different times now, and each time I work on it I can not determine a solution. I have searched these forums, my firewall forums and worked with a few firewall admins, as well as working with the…

VEnArdoP
0 votes, 2 answers
How to detect an intranet SYN flood?
I got this problem: whenever I plug a Linux-server into the intranet, the whole network slows down and then dies. Every ping/ssh connection between the intranet yields time out.
I unplugged it, then everything came back to normal. Searching around…

EyeQ Tech
0 votes, 2 answers
Continuous RST, ACK flags from the same source
Can anyone help me better understand what is going on here? I keep receiving "broken pipe" errors that say the connection is being reset by the peer. Also, I thought 192.168.114.30 was the client, but from my reading, the original SYN in a handshake…

Jonny Hoffman
0 votes, 1 answer
Apache on Debian: server flooded by a lot of 400, how to protect from it?
My HTTPS server has been experiencing slowness for a few days, so I consulted the log file (the access.log, I use apache2). And I found out that my server is flooded by a lot of 400:
If I change the apache config to stop listening on port 443,…

spacecodeur
0 votes, 0 answers
netcat no reaction to syn packet crafted with gopacket
I want to do some experiments with TCP packets. Therefore I am using the gopacket (v1.1.19) to craft packets and send them onto an interface.
I have this code for creating a SYN packet and putting it on loopback and sending to 127.0.0.1:8888 where I…

jonathan-dev
-1 votes, 1 answer
Run shell script on the event of "possible SYN flooding"
I'd like to write a script that gets all the stats I need (top IPs, used memory, netstat, etc) at the time I got an SYN flooding, and write to a report file.
So, is it possible to trigger a script/command when the kernel alerts for "possible SYN…

Nuno