[SlugBug] DDoS help required
Jonathan
jonathan at sirtis.org.uk
Wed Jul 16 03:02:23 BST 2003
Hi all,

Got another problem for you, this time on a SuSE Linux box, running some
horribly old release, kernel 2.4.4.

It looks to be a DDoS, typically a netstat shows around 300-400 SYN
connections to the ssh port.

I've enabled syncookies and increased the queue size for syn to 4096,
with no success.

Any suggestions or pointers would be great. I've read a few DDoS sites,
but they are laden with theory and how to stop these things in the first
place. I need to know how to try and stop one that's already happening.

The IP of the box was changed and the problem abated, but when the
service on that box was resumed, the attack started again, i.e. someone
is a bit peeved and is attacking the box at will.

It's a server owned by a customer so an update and proper firewall have
been recommended, but I'm just wondering if I can do something else in
the meantime.

TIA,
Jonathan
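
The diagnosis described in the post, as an added example that is not part of the original message: it counts SYN_RECV sockets on the ssh port per source address from `netstat -nt` output and reads back the syncookie and SYN backlog settings. The sample netstat lines are constructed, and the function names and the /proc paths (which assume a Linux host) are this example's own.

```shell
# count_syn_recv PORT: read `netstat -nt` output on stdin and print how many
# sockets are in SYN_RECV (half-open) with local port PORT.
count_syn_recv() {
    awk -v port="$1" '
        $6 == "SYN_RECV" {
            n = split($4, a, ":")        # local address; last piece is the port
            if (a[n] == port) c++
        }
        END { print c + 0 }'
}

# top_sources PORT: print "count source-ip" for half-open sockets on PORT,
# busiest source first.
top_sources() {
    awk -v port="$1" '
        $6 == "SYN_RECV" {
            n = split($4, l, ":"); if (l[n] != port) next
            src = $5; sub(/:[0-9]+$/, "", src)   # drop the remote port
            seen[src]++
        }
        END { for (s in seen) print seen[s], s }' | sort -k1,1nr -k2,2
}

# show_syn_sysctls: read back the syncookie and SYN backlog settings so a
# change can be confirmed as active (assumes Linux /proc is mounted).
show_syn_sysctls() {
    for f in tcp_syncookies tcp_max_syn_backlog; do
        p="/proc/sys/net/ipv4/$f"
        if [ -r "$p" ]; then echo "$f = $(cat "$p")"; fi
    done
}

# Constructed sample in `netstat -nt` format (documentation address ranges).
sample_netstat() {
cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:22           198.51.100.7:40112      SYN_RECV
tcp        0      0 192.0.2.10:22           198.51.100.7:40113      SYN_RECV
tcp        0      0 192.0.2.10:22           203.0.113.45:1025       SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.45:1026       SYN_RECV
tcp        0      0 192.0.2.10:22           198.51.100.99:51000     ESTABLISHED
EOF
}

# On a live host, replace sample_netstat with: netstat -nt
sample_netstat | top_sources 22
```

A few addresses holding most of the half-open entries can be filtered at the host or upstream; a flat spread across many addresses points to spoofed or distributed sources, where per-address rules do little.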