Getting DOS'ed Please help.
tcp 69.*.*.*:80 12.165.74.145:3145 SYN_RECV -
tcp 69.*.*.*:80 65.43.86.60:4892 SYN_RECV -
tcp 69.*.*.*:80 68.161.13.214:4352 SYN_RECV -
tcp 69.*.*.*:80 67.66.63.214:3577 SYN_RECV -
tcp 69.*.*.*:80 69.28.228.135:2986 SYN_RECV -
tcp 69.*.*.*:80 65.40.255.217:4657 SYN_RECV -
tcp 69.*.*.*:80 69.212.1.193:2158 SYN_RECV -
tcp 69.*.*.*:80 69.37.177.125:2979 SYN_RECV -
tcp 69.*.*.*:80 12.221.114.169:1438 SYN_RECV -
tcp 69.*.*.*:80 69.8.6.1:61428 SYN_RECV -
tcp 69.*.*.*:80 69.69.96.147:4182 SYN_RECV -
tcp 69.*.*.*:80 69.69.96.147:3458 SYN_RECV -
tcp 69.*.*.*:80 68.78.104.75:1967 SYN_RECV -
tcp 69.*.*.*:80 69.37.177.125:2914 SYN_RECV -
tcp 69.*.*.*:80 65.92.126.153:4029 SYN_RECV -
tcp 69.*.*.*:80 67.50.84.121:1658 SYN_RECV -
tcp 69.*.*.*:80 201.128.119.13:3522 SYN_RECV -
tcp 69.*.*.*:80 70.240.48.236:4409 SYN_RECV -
tcp 69.*.*.*:80 67.50.84.121:1499 SYN_RECV -
tcp 69.*.*.*:80 68.8.72.179:4294 SYN_RECV -
tcp 69.*.*.*:80 66.229.144.96:65298 SYN_RECV -
tcp 69.*.*.*:80 68.251.67.171:4065 SYN_RECV -
tcp 69.*.*.*:80 68.161.13.214:3122 SYN_RECV -
tcp 69.*.*.*:80 68.250.227.237:4698 SYN_RECV -
tcp 69.*.*.*:80 69.110.25.25:2856 SYN_RECV -
tcp 69.*.*.*:80 68.94.53.142:4948 SYN_RECV -
tcp 69.*.*.*:80 69.212.1.193:4550 SYN_RECV -
tcp 69.*.*.*:80 69.69.96.147:1081 SYN_RECV -
tcp 69.*.*.*:80 68.78.102.147:4007 SYN_RECV -
tcp 69.*.*.*:80 68.78.116.102:4351 SYN_RECV -
tcp 69.*.*.*:80 69.104.6.108:1410 SYN_RECV -
and... a lot more.. (LAST_ACK, ESTABLISHED etc)
We are using ThePlanet's server, and they seems useless to this kind of attack.
(1) Tried mod_dosevasive, all domains inaccessible after then
(2) Tried mod_security, doesn't do stuff to dos attack
(3) Tried to modify httpd.conf, no help.
(4) Tried APF, and all of sudden, the server is COMPLETELY inaccessible(eg. ssh) APF shutdown all the holes?
Please advice in details, what can I do to stop this dos attack?
