[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-developers] Raq 3 Hangs! Websites down

Subject: Re: [cobalt-developers] Raq 3 Hangs! Websites down
From: "Peter Gloor" <pgloor@xxxxxxx>
Date: Mon Apr 1 00:57:24 2002
List-id: Discussion Forum for developers on Sun Cobalt Networks products <cobalt-developers.list.cobalt.com>

Joel,

Beginning about six weeks ago we had (and still have) something similar on a
Microsoft Windows NT Web/Proxy server. The same symptoms. The system is
still running, no entries in any of the logs, but any incoming or outgoing
traffic is blocked until we reboot the server.

What we found out so far looks like a (new?) kind of attack. It looks
somewhat like the well known Syn Flood attack. As I'm not good in these
things I have no idea what to do against it.

We are currently evaluating the Qube 3 as a replacement for the NT server,
but so far I did not find the time to put it in place.

Using netstat, immediately before the NIC hangs, I can see a lot of SYN
RECEIVED with connections to port 80 on any IP address we have. The source
has a bogus (spoofed) IP address.

Now we have written a job that runs netstat any 30 second and writes any
source adress for connections having SYN RECEIVED for more than 30 seconds
into a file. We use this file daily to block this addresses from entering
our network in the router.

Windows NT has an entry in the registry to protect from Syn Flood attacks.
Enabling this protection helped a little but did not solve the problem.

Hope you'll get your problem solved, soon!

Kind regards,

Peter

----- Original Message -----
From: "earthlink" <joelmon2002@xxxxxxxxxxxxx>
To: <cobalt-developers@xxxxxxxxxxxxxxx>
Sent: Sunday, March 31, 2002 9:51 PM
Subject: [cobalt-developers] Raq 3 Hangs! Websites down


> Hello, this is the 2nd time this week our Raq 3 has hung and now
> I cannot telnet into it and all websites are down
>
> One person will have to go out monday and restart the darn thing
>
> When it reboots and is back up and running (as it was for 2 days after the
> last hang and before it
> died on us) what can I do to prevent this from happening again?
>
> It was fine for 1.5 years
>
> Is this just a piece of garbage that is no longer functional? We do not
host
> that many websites
>
> What can I do after a reboot to prevent this? This is PATHETIC
>
> Thanks
>
> Joel
>
> _______________________________________________
> cobalt-developers mailing list
> cobalt-developers@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-developers
>

Follow-Ups:
- Re: [cobalt-developers] Raq 3 Hangs! Websites down
  - From: earthlink

References:
- [cobalt-developers] Raq 3 Hangs! Websites down
  - From: earthlink

Prev by Date: [cobalt-developers] gmon.out a security issue?
Next by Date: Re: [cobalt-developers] gmon.out a security issue?
Previous by thread: Re: [cobalt-developers] Raq 3 Hangs! Websites down
Next by thread: Re: [cobalt-developers] Raq 3 Hangs! Websites down

Sun Cobalt Developers Message Index

Sun Cobalt Developers Thread Index