Synflood protection
Jan 21 16:51:45 TCP: http connection attempt from 128.108.161.128:1159
Jan 21 16:51:46 TCP: http connection attempt from 64.238.194.29:1039
Jan 21 16:51:46 TCP: http connection attempt from 193.2.170.36:1138
Jan 21 16:51:47 TCP: http connection attempt from ntserver1.halstreet.com:1244
Jan 21 16:51:47 TCP: http connection attempt from 198.147.100.150:1262
Jan 21 16:51:50 TCP: http connection attempt from 194.210.203.88:1181
Jan 21 16:51:52 TCP: http connection attempt from 205.72.93.28:1265
Jan 21 16:51:53 TCP: http connection attempt from 4.13.159.118:1084
Jan 21 16:51:53 TCP: http connection attempt from 208.13.244.223:1167
Jan 21 16:51:57 TCP: http connection attempt from 206.224.15.210:1145
Jan 21 16:51:57 TCP: http connection attempt from 210.178.14.124:1031
Jan 21 16:51:58 TCP: http connection attempt from dhcp-144-0063.unm.edu:1088
Jan 21 16:52:01 TCP: http connection attempt from 216.12.252.101:1123
Jan 21 16:52:02 TCP: http connection attempt from p16-dna05iwata.shizuoka.ocn.ne.jp:1246
Jan 21 16:52:02 TCP: http connection attempt from c1995321-a.pinol1.sfba.home.com:1152
Jan 21 16:52:02 TCP: http connection attempt from 199.91.114.93:1185
Jan 21 16:52:02 TCP: http connection attempt from 128.6.193.57:1224
Jan 21 16:52:03 TCP: http connection attempt from adamsmithsociety.com:1262
Jan 21 16:52:04 TCP: http connection attempt from 193.131.77.219:1113
Jan 21 16:52:04 TCP: http connection attempt from 209.153.50.172:1187
Jan 21 16:52:05 TCP: http connection attempt from 194.39.109.242:1136
Jan 21 16:52:19 TCP: http connection attempt from 198.175.51.83:1131
Jan 21 16:52:20 TCP: http connection attempt from 205.82.1.100:1228
Jan 21 16:52:20 TCP: http connection attempt from 4.214.254.93:1211
Jan 21 16:52:22 TCP: http connection attempt from 208.249.68.93:1085
Jan 21 16:52:23 TCP: http connection attempt from 206.65.208.78:1056
Jan 21 16:52:23 TCP: http connection attempt from 210.21.168.236:1230
Jan 21 16:52:24 TCP: http connection attempt from 129.87.91.56:1073
Jan 21 16:52:27 TCP: http connection attempt from 216.26.122.100:1274
That is just a little bit of the log file that i had... it was 1gig in size, and it was just full of that junk so i removed it
rm -f
anyway...
logs show:
Out of Memory: Killed process 20076 (iplog).
Out of Memory: Killed process 20077 (iplog).
Out of Memory: Killed process 20078 (iplog).
Out of Memory: Killed process 20079 (iplog).
Out of Memory: Killed process 20080 (iplog).
Out of Memory: Killed process 8684 (pico).
Out of Memory: Killed process 8684 (pico).
I know i shouldn't of been running iplog
but i run it so i can find out later what happend
But anyway.. How can i prevent these synfloods? These ips were coming at us extremely fast, and the server went down easily.
Syncookies don't do anything, they were coming so fast, the server gets hammered.
How can we prevent this? This has been bugging me for sometime now...
I hope someone can give some useful advice.
