similar to: Flood of email

Hello, I current have a FreeBSD 4.8 bridge firewall that sits between 7 servers and the internet. The servers are being attacked with syn floods and go down multiple times a day. The 7 servers belong to a client, who runs redhat. I am trying to find a way to do some kind of syn flood protection inside the firewall. Any suggestions would be greatly appreciated. -- Ryan James ryan@mac2.net

I keep seeing 'Joe Average compromised computer on broadband' being used to do email dictionary attacks on our systems. Seems I always have several domains going through these. One in particular has been in the 'a-' list for weeks with about 20,000 attempts per day from various systems. Yeah, I do have a system which blocks email from these systems for a period of time after 3

Hi If I use sfq qdisc on a CBQ class I get a lot of dropped packets and the backlog itr almost always to its full value: 128. From the HOWTO I understand that the queue is at 128 packets, and SFQ shows 128/1024 flows , but how can I increase that value ? I have tried ip link set txqueuelen but this only increases the tx queue on the interface. qdisc sfq d468: quantum 1514b limit 128p flows

Hi *Problem *- I'm running Icecast in a VM container on OpenVZ. Syslog on the hardware node (HN) shows these error messages: Jan 23 18:43:05 HN kernel: [27469893.430615] possible SYN flooding on port 8000. Sending cookies. Jan 23 21:37:40 HN kernel: [27480362.817944] possible SYN flooding on port 8000. Sending cookies. Jan 23 23:43:50 HN kernel: [27487929.582025] possible SYN flooding on

Perhaps someone will help me on this :- I have read a lot of examples of syn flood protect on the INPUT chain. That I have no question at all. I wonder if it make sense to perform syn flood protection at the FORWARD chain ? If packets are originated from a LAN worm, and are not targetted at the firewall itself, but rather at hosts in the internet, will it cause problem with the firewall itself,

Someone for the love of go must have a answer for this.. :) Im so needing to trickle a few games/apps running under wine.. Anyone got any ideas?

My guys, My firewall seems to block an attack my Centos / Sendmail boxes on port 110. These servers require a reboot after each attack. My firewall says it's blocked? Do I need to patch something on sendmail? Or is my firewall not doing its job (Sonicwall)? This is not the first time this has happened. 11/20/2008 02:53:04.864 - SYN flood attack dropped - 75.2.205.141, 48102 -

Hello All, We have a Linux cluster application that uses openssh as its inter-node communication mechanism and we've recently run into a problem that points to a potential scalability issue in openssh code. Our client nodes systematically open ssh connections to the server node to execute an administrative command. When establishing socket connections, the server side sometimes fails to

HTB: class htb 1:40 parent 1:1 leaf 40: prio 3 rate 358Kbit ceil 529Kbit \ burst 6Kb cburst 2260b Sent 145871726 bytes 97293 pkts (dropped 69, overlimits 0) rate 56741bit 37pps backlog 23p lended: 77429 borrowed: 19841 giants: 0 I would like to increase "backlog" because I think that would decrease "dropped". 23 packets of 1500 bytes each is only 34,500 bytes. IMO, there

I notice one other small problem with my modified version of SFQ. The fact that packets can be dropped at dequeue time is incompatible with the way HTB (and probably CBQ and others modeled on it) keep statistics. When I fill a low rate queue causing packets to expire and be dropped at dequeue I get interesting statistics like this: This is my variant of SFQ qdisc plfq 8016: dev eth1 ... Sent

Hi folks...!!! I need to generate qdisc statistics to show my 4 class (10, 20, 30, 40), i`ve all working with HTB and so on, but i need to graph this results e.gwith RRDTOOL. I found a script made in perl, that can to graph my 4 class, but i need to know which IP address on my LAN are using the bandwidth too, in other hand i need to classify the traffic by IP to show. This is an out of my

With the below script, whenever I ping 10.0.16.10 (which matches the only filter I have), traffic still get''s sent to the default 1:2 class instead of 1:1 and I don''t know why... Any hints? (kernel 2.6.12, iproute2-2.6.15) tc qdisc del dev eth0 root > /dev/null 2>&1 tc qdisc add dev eth0 handle 1: root htb default 2 tc class add dev eth0 classid 1:1 parent 1: htb rate

Hello all. I was recently the victim of a SIP flood attack. I'm wondering what is the best method to prevent such things in the future. Many thanks Greg -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.digium.com/pipermail/asterisk-users/attachments/20101003/2e254523/attachment.htm

Hello, I have a problem with simple traffic shapping in shorewall, my current configuration is: zones vlan10 ipv4 # interfaces vlan10 vlan10 detect tcpflags,routeback shorewall.conf TC_ENABLED=Simple tcinterfaces vlan10 Internal 1mbit:50kb shorewall show tc Device vlan10: qdisc prio 5: root refcnt 2 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1

Hi! Do you know somthing about hfsc and bps? There''s no output for speed only for packets. Doesn''t hfsc support such a field? tc -s class show dev eth0 class hfsc 1: root Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0) rate 0bit 0pps backlog 0b 0p requeues 0 period 0 level 2 class hfsc 1:11 parent 1:1 sc m1 0bit d 18.0ms m2 1000Kbit ul m1 0bit d 0us m2

I have just finished a patch to linux 2.0.29 that provides the SYN cookies protection against SYN flood attacks. You can grab it from my home page at: http://www.dna.lth.se/~erics/software/tcp-syncookies-patch-1.gz You can also follow the pointers from my home page (see the signature) to get a very short blurb about this patch. Quick synopsys: This implements the SYN cookie defense against SYN

Greetings -- in the "Linux Advanced Routing & Traffic Control HOWTO" chapter 14.1 on bfifo/pfifo it says that: "you can use this qdisc to determine the backlog on your interface". But it does not say exactly how. Command [#tc -s qdisc ls] outputs the number of packets sent so far but it does not output any info about the backlog. My first question is whether a command

i am trying to do some traffic classification using the PRIO qdisc and i am having a few problems. I have a root htb class: tc qdisc add dev imq0 root handle 1: htb default 255 r2q 1 tc class add dev imq0 parent 1: classid 1:1 htb rate 768kbit and a child PRIO tc class add dev imq0 parent 1:1 classid 1:99 htb rate 96kbit ceil 600kbit prio 0 tc qdisc add dev imq0 parent 1:99 prio tc filter

Hello everyone, is a pleasure to be here. I have a problem with my server, it runs qmail SMTP and protect it with shorewall. Since yesterday I get syn flood attacks on port 25, which means that no longer meet. How can I stop this with shorewall? my setup is as follows. zones: #ZONE DISPLAY COMMENTS net Net Internet loc Local Local networks dmz DMZ

Hi all, I was just wondering when this update will trickle down into the Centos repo: http://rhn.redhat.com/errata/RHBA-2008-0611.html Obviously, it just came out yesterday, so I'm not expecting it to suddenly appear. ;) Just curious what the turn around time usually is for RHEL bug fixes that get released and when we should expect it. As a side note, does anyone know if there is a way