ips that have tried/are trying to DoS nyc.indy:
To list what you currently have in your firewall:
iptables -L
if you dont have a complex firewall setup, you can probably drop IPs by doing this, but be warned, if you do this wrong, you could cut your connection to your machine so type carefully:
iptables -A INPUT -s ip.address.here -j DROP

if you want to see what is hitting your squid and how hard, use:
netstat -an | grep tcp | awk '{print $5 $6;}' | sed 's/:[0-9]*/ /'| sort | uniq -c  | sort -r

large number of connections (greater than 40 or so) in the state SYN_RECV that are not to the publish.nyc server are suspicious.....

-- MicahA - 30 Aug 2004
Topic revision: r3 - 01 Sep 2004, LeXi
This site is powered by FoswikiCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding Foswiki? Send feedback