similar to: Flood of email

Hello, I current have a FreeBSD 4.8 bridge firewall that sits between 7 servers and the internet. The servers are being attacked with syn floods and go down multiple times a day. The 7 servers belong to a client, who runs redhat. I am trying to find a way to do some kind of syn flood protection inside the firewall. Any suggestions would be greatly appreciated. -- Ryan James ryan@mac2.net

I keep seeing 'Joe Average compromised computer on broadband' being used to do email dictionary attacks on our systems. Seems I always have several domains going through these. One in particular has been in the 'a-' list for weeks with about 20,000 attempts per day from various systems. Yeah, I do have a system which blocks email from these systems for a period of time after 3

Hi If I use sfq qdisc on a CBQ class I get a lot of dropped packets and the backlog itr almost always to its full value: 128. From the HOWTO I understand that the queue is at 128 packets, and SFQ shows 128/1024 flows , but how can I increase that value ? I have tried ip link set txqueuelen but this only increases the tx queue on the interface. qdisc sfq d468: quantum 1514b limit 128p flows

Hi *Problem *- I'm running Icecast in a VM container on OpenVZ. Syslog on the hardware node (HN) shows these error messages: Jan 23 18:43:05 HN kernel: [27469893.430615] possible SYN flooding on port 8000. Sending cookies. Jan 23 21:37:40 HN kernel: [27480362.817944] possible SYN flooding on port 8000. Sending cookies. Jan 23 23:43:50 HN kernel: [27487929.582025] possible SYN flooding on

resending, sorry, I mangled the list address. On Tue, Nov 12, 2024, at 11:49 PM, Harlan Stenn wrote: > - put each battery on a charger for several hours Do you have a recommendation for a battery charger? Or a list of features to look for? > Anyway, when I have a set of replacement new batteries, I then: > > - put each battery on a charger for several hours > - rotating thru

Perhaps someone will help me on this :- I have read a lot of examples of syn flood protect on the INPUT chain. That I have no question at all. I wonder if it make sense to perform syn flood protection at the FORWARD chain ? If packets are originated from a LAN worm, and are not targetted at the firewall itself, but rather at hosts in the internet, will it cause problem with the firewall itself,

Someone for the love of go must have a answer for this.. :) Im so needing to trickle a few games/apps running under wine.. Anyone got any ideas?

My guys, My firewall seems to block an attack my Centos / Sendmail boxes on port 110. These servers require a reboot after each attack. My firewall says it's blocked? Do I need to patch something on sendmail? Or is my firewall not doing its job (Sonicwall)? This is not the first time this has happened. 11/20/2008 02:53:04.864 - SYN flood attack dropped - 75.2.205.141, 48102 -

Hello All, We have a Linux cluster application that uses openssh as its inter-node communication mechanism and we've recently run into a problem that points to a potential scalability issue in openssh code. Our client nodes systematically open ssh connections to the server node to execute an administrative command. When establishing socket connections, the server side sometimes fails to

On 11/12/2024 10:58 AM, Dan Langille via Nut-upsuser wrote: > Hello, > > nut recently told me that the batteries need replacing in my Eaton 5PX2200RT (ups) and 5PXEBM48RT (external battery pack). According to my notes, it has been just over 4 years since I installed them. Looking at on-line sales, these seem to use batteries in a pre-packaged plastic shell. I don't recall if

HTB: class htb 1:40 parent 1:1 leaf 40: prio 3 rate 358Kbit ceil 529Kbit \ burst 6Kb cburst 2260b Sent 145871726 bytes 97293 pkts (dropped 69, overlimits 0) rate 56741bit 37pps backlog 23p lended: 77429 borrowed: 19841 giants: 0 I would like to increase "backlog" because I think that would decrease "dropped". 23 packets of 1500 bytes each is only 34,500 bytes. IMO, there

I notice one other small problem with my modified version of SFQ. The fact that packets can be dropped at dequeue time is incompatible with the way HTB (and probably CBQ and others modeled on it) keep statistics. When I fill a low rate queue causing packets to expire and be dropped at dequeue I get interesting statistics like this: This is my variant of SFQ qdisc plfq 8016: dev eth1 ... Sent

Hi folks...!!! I need to generate qdisc statistics to show my 4 class (10, 20, 30, 40), i`ve all working with HTB and so on, but i need to graph this results e.gwith RRDTOOL. I found a script made in perl, that can to graph my 4 class, but i need to know which IP address on my LAN are using the bandwidth too, in other hand i need to classify the traffic by IP to show. This is an out of my

With the below script, whenever I ping 10.0.16.10 (which matches the only filter I have), traffic still get''s sent to the default 1:2 class instead of 1:1 and I don''t know why... Any hints? (kernel 2.6.12, iproute2-2.6.15) tc qdisc del dev eth0 root > /dev/null 2>&1 tc qdisc add dev eth0 handle 1: root htb default 2 tc class add dev eth0 classid 1:1 parent 1: htb rate

Hello all. I was recently the victim of a SIP flood attack. I'm wondering what is the best method to prevent such things in the future. Many thanks Greg -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.digium.com/pipermail/asterisk-users/attachments/20101003/2e254523/attachment.htm

Hello, I have a problem with simple traffic shapping in shorewall, my current configuration is: zones vlan10 ipv4 # interfaces vlan10 vlan10 detect tcpflags,routeback shorewall.conf TC_ENABLED=Simple tcinterfaces vlan10 Internal 1mbit:50kb shorewall show tc Device vlan10: qdisc prio 5: root refcnt 2 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1

Hi! Do you know somthing about hfsc and bps? There''s no output for speed only for packets. Doesn''t hfsc support such a field? tc -s class show dev eth0 class hfsc 1: root Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0) rate 0bit 0pps backlog 0b 0p requeues 0 period 0 level 2 class hfsc 1:11 parent 1:1 sc m1 0bit d 18.0ms m2 1000Kbit ul m1 0bit d 0us m2

I have just finished a patch to linux 2.0.29 that provides the SYN cookies protection against SYN flood attacks. You can grab it from my home page at: http://www.dna.lth.se/~erics/software/tcp-syncookies-patch-1.gz You can also follow the pointers from my home page (see the signature) to get a very short blurb about this patch. Quick synopsys: This implements the SYN cookie defense against SYN

Greetings -- in the "Linux Advanced Routing & Traffic Control HOWTO" chapter 14.1 on bfifo/pfifo it says that: "you can use this qdisc to determine the backlog on your interface". But it does not say exactly how. Command [#tc -s qdisc ls] outputs the number of packets sent so far but it does not output any info about the backlog. My first question is whether a command

Sounds like great advice, thanks! Would you care to post it to the NUT wiki or in-source FAQ document (or can I)? Probably the meaningfulness of specific company names is too geographically and temporally limited, however the technical part is universally applicable. Jim On Wed, Nov 13, 2024 at 6:08?AM Harlan Stenn via Nut-upsuser < nut-upsuser at alioth-lists.debian.net> wrote: