 |
|
You are here: Foswiki>Devel Web>RNCServerMeeting1>SquidConfNYCIndy>NycDos (01 Sep 2004, LeXi)Edit Attach
ips that have tried/are trying to DoS nyc.indy:
24.185.151.175 24.185.151.175 24.195.42.140 24.208.128.254 24.218.125.149 24.49.18.54 24.62.152.241 65.37.52.221 65.43.225.103 66.229.150.11 66.26.193.74 68.2.162.200 68.202.162.34 68.203.189.145 68.237.239.154 68.39.190.87 68.65.128.234 69.208.92.157To list what you currently have in your firewall:
iptables -Lif you dont have a complex firewall setup, you can probably drop IPs by doing this, but be warned, if you do this wrong, you could cut your connection to your machine so type carefully:
iptables -A INPUT -s ip.address.here -j DROPif you want to see what is hitting your squid and how hard, use:
netstat -an | grep tcp | awk '{print $5 $6;}' | sed 's/:[0-9]*/ /'| sort | uniq -c | sort -r
large number of connections (greater than 40 or so) in the state SYN_RECV that are not to the publish.nyc server are
suspicious.....
-- MicahA - 30 Aug 2004 Edit | Attach | Print version | History: r3 < r2 < r1 | Backlinks | View wiki text | Edit wiki text | More topic actions
Topic revision: r3 - 01 Sep 2004, LeXi
- Devel Web
- Home
- What's new
- Topics
- Search
-
RSS Feed
- Tech working groups
- IMC Tech
- Sysadmin
- DNS
- Listwork
- IMC Docs
- IRCd
- IMC Security
- Global Website
- IMC Database
- Keyserver
- SoS
- All sections
- Global network
- Local IMCs
- Tech
- Sandbox
Copyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors. Ideas, requests, problems regarding Foswiki? Send feedback