SYN attack
I have a SYN attack on one of my servers. I got it under control so it doesn't hurt the server (datacenter hardware), but just in case, I want to find out which site is getting attacked so I can terminate it if the attack gets out of control. I checked all the main logs and all I come up with are lines like this:
Apache log:
164-8 - 0/0/12 . 0.00 25312 0 0.0 0.00 0.27 203.147.x.xx xxxxx.myserverdomain.com h3RyOe5kPohmzucnb
Are there any places I can look to determine which site is causing it?
I tried putting a couple of sites on dedicated IPs, but the attack still hit the main IP.
If it is hitting the main IP, what can I do? I can change all the sites' IPs to a new one, but the attack may find the new IP through a domain it is attacking.
I have tried everything I can think of, but maybe I missed something. Any help would be great.
I had antidos blocking IPs, but that's worthless when the attacker has more IPs than I can count in a lifetime. I have time, there is no harm being done now, I just want to be safe for the future.
Thanks