[cobalt-users] RAQ2 SYN flood attack
- Subject: [cobalt-users] RAQ2 SYN flood attack
- From: Jay Summers <jay@xxxxxxxxxxxxxxxxxxxx>
- Date: Tue Apr 10 06:44:10 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
Hey everyone,

I just wanted to let everyone know that yesterday I caught someone doing a
SYN flood attack on our server. I happened to notice it in the hourly
logcheck email. I got a hold of our colo provider and they took it offline
for a few minutes. That apparently stopped the attacker. Unfortunately he
probably moved on to attack someone else.

My question is, are these SYN floods a big problem or are they more of a
nuisance DoS attack? Any gurus out there have any input?

Are the older RAQ2 kernels open to this kind of attack? My RAQ2 kernel is
listed as 2.0.34.

I've included some of my logs for the benefit of others on the list. Maybe
it will help you spot any future trouble.
--
TIA,
jay
=-=-=-=-=-=-=-=
Apr 9 13:01:19 ns1 kernel: Warning: possible SYN flood from 24.4.254.129 on
207.228.240.126:80. Sending cookies.
Apr 9 13:02:35 ns1 kernel: Warning: possible SYN flood from 207.228.234.9
on 207.228.240.118:80. Sending cookies.
Apr 9 13:03:39 ns1 kernel: Warning: possible SYN flood from 63.82.228.2 on
207.228.240.120:80. Sending cookies.
Apr 9 13:04:42 ns1 kernel: Warning: possible SYN flood from 142.176.71.130
on 207.228.240.120:80. Sending cookies.
Apr 9 13:05:57 ns1 kernel: Warning: possible SYN flood from 38.168.9.34 on
207.228.240.114:80. Sending cookies.
Apr 9 13:07:01 ns1 kernel: Warning: possible SYN flood from 210.18.5.198 on
207.228.240.120:80. Sending cookies.
Apr 9 13:08:14 ns1 kernel: Warning: possible SYN flood from 142.176.140.230
on 207.228.240.115:80. Sending cookies.
Apr 9 13:09:25 ns1 kernel: Warning: possible SYN flood from 147.154.232.3
on 207.228.240.125:80. Sending cookies.
Apr 9 13:10:34 ns1 kernel: Warning: possible SYN flood from 63.254.21.251
on 207.228.240.120:80. Sending cookies.
Apr 9 13:11:35 ns1 kernel: Warning: possible SYN flood from 198.202.124.244
on 207.228.240.124:80. Sending cookies.
Apr 9 13:12:37 ns1 kernel: Warning: possible SYN flood from 216.28.194.169
on 207.228.240.124:80. Sending cookies.
Apr 9 13:13:39 ns1 kernel: Warning: possible SYN flood from 63.82.228.2 on
207.228.240.120:80. Sending cookies.
Apr 9 13:15:00 ns1 kernel: Warning: possible SYN flood from 205.215.32.242
on 207.228.240.120:80. Sending cookies.
Apr 9 13:16:00 ns1 kernel: Warning: possible SYN flood from 38.205.23.6 on
207.228.240.120:80. Sending cookies.
Apr 9 13:17:02 ns1 kernel: Warning: possible SYN flood from 209.240.220.186
on 207.228.240.126:80. Sending cookies.
Apr 9 13:18:03 ns1 kernel: Warning: possible SYN flood from 216.13.101.10
on 207.228.240.126:80. Sending cookies.
Apr 9 13:19:14 ns1 kernel: Warning: possible SYN flood from 209.73.164.130
on 207.228.240.115:80. Sending cookies.
Apr 9 13:20:24 ns1 kernel: Warning: possible SYN flood from 209.73.164.130
on 207.228.240.115:80. Sending cookies.
Apr 9 13:21:34 ns1 kernel: Warning: possible SYN flood from 209.73.164.130
on 207.228.240.115:80. Sending cookies.
Apr 9 13:22:37 ns1 kernel: Warning: possible SYN flood from 209.73.164.130
on 207.228.240.115:80. Sending cookies.
Apr 9 13:23:41 ns1 kernel: Warning: possible SYN flood from 216.114.64.252
on 207.228.240.115:80. Sending cookies.
Apr 9 13:24:56 ns1 kernel: Warning: possible SYN flood from 203.106.174.77
on 207.228.240.115:80. Sending cookies.
Apr 9 13:25:59 ns1 kernel: Warning: possible SYN flood from 198.139.155.30
on 207.228.240.126:80. Sending cookies.
Apr 9 13:27:02 ns1 kernel: Warning: possible SYN flood from 208.226.120.232
on 207.228.240.120:80. Sending cookies.
Apr 9 13:28:08 ns1 kernel: Warning: possible SYN flood from 209.213.77.250
on 207.228.240.115:80. Sending cookies.
Apr 9 13:29:09 ns1 kernel: Warning: possible SYN flood from 209.73.164.130
on 207.228.240.115:80. Sending cookies.
Apr 9 13:30:16 ns1 kernel: Warning: possible SYN flood from 208.210.153.168
on 207.228.240.120:80. Sending cookies.
Apr 9 13:31:29 ns1 kernel: Warning: possible SYN flood from 141.154.64.40
on 207.228.240.122:80. Sending cookies.
Apr 9 13:32:29 ns1 kernel: Warning: possible SYN flood from 12.33.186.238
on 207.228.240.130:80. Sending cookies.
Apr 9 13:33:31 ns1 kernel: Warning: possible SYN flood from 198.139.155.30
on 207.228.240.122:80. Sending cookies.
Apr 9 13:34:33 ns1 kernel: Warning: possible SYN flood from 192.193.196.9
on 207.228.240.125:80. Sending cookies.
Apr 9 13:35:38 ns1 kernel: Warning: possible SYN flood from 198.139.155.30
on 207.228.243.240:80. Sending cookies.
Apr 9 13:36:40 ns1 kernel: Warning: possible SYN flood from 63.66.43.2 on
207.228.240.124:80. Sending cookies.
Apr 9 13:37:48 ns1 kernel: Warning: possible SYN flood from 207.228.234.9
on 207.228.240.6:80. Sending cookies.
Apr 9 13:38:52 ns1 kernel: Warning: possible SYN flood from 198.139.155.30
on 207.228.240.122:80. Sending cookies.
Apr 9 13:40:01 ns1 kernel: Warning: possible SYN flood from 216.239.46.20
on 207.228.240.120:80. Sending cookies.
Apr 9 13:41:03 ns1 kernel: Warning: possible SYN flood from 209.73.164.130
on 207.228.240.115:80. Sending cookies.
Apr 9 13:42:06 ns1 kernel: Warning: possible SYN flood from 208.210.153.168
on 207.228.240.115:80. Sending cookies.
Apr 9 13:43:07 ns1 kernel: Warning: possible SYN flood from 212.253.6.241
on 207.228.240.120:80. Sending cookies.
Apr 9 13:44:08 ns1 kernel: Warning: possible SYN flood from 198.139.155.30
on 207.228.240.122:80. Sending cookies.
Apr 9 13:45:11 ns1 kernel: Warning: possible SYN flood from 206.52.151.22
on 207.228.240.120:80. Sending cookies.
Apr 9 13:46:12 ns1 kernel: Warning: possible SYN flood from 209.73.164.130
on 207.228.240.115:80. Sending cookies.
Apr 9 13:47:30 ns1 kernel: Warning: possible SYN flood from 212.252.180.160
on 207.228.240.120:80. Sending cookies.
Apr 9 13:48:32 ns1 kernel: Warning: possible SYN flood from 209.73.164.130
on 207.228.240.115:80. Sending cookies.
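
Added example, not part of the original post: a small Python summarizer for kernel "possible SYN flood" warnings in the format shown above, which rejoins mail-wrapped records and reports warnings and distinct sources per listener plus the spacing between warnings. The sample log uses constructed documentation addresses, and the year passed to the timestamp parser is an assumption because syslog lines carry none.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample in the posted format, including mail-wrapped lines.
SAMPLE = """\
Apr 9 13:01:19 ns1 kernel: Warning: possible SYN flood from 192.0.2.10 on
203.0.113.126:80. Sending cookies.
Apr 9 13:02:35 ns1 kernel: Warning: possible SYN flood from 198.51.100.7
on 203.0.113.120:80. Sending cookies.
Apr 9 13:03:39 ns1 kernel: Warning: possible SYN flood from 192.0.2.10 on
203.0.113.120:80. Sending cookies.
Apr 9 13:04:42 ns1 kernel: Warning: possible SYN flood from 198.51.100.99
on 203.0.113.120:80. Sending cookies.
"""

STAMP = re.compile(r"^[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2}\s")
WARN = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+\S+\s+kernel:"
    r".*possible SYN flood from (?P<src>[\d.]+) on (?P<dst>[\d.]+):(?P<port>\d+)\."
)

def unwrap(text):
    """Rejoin wrapped records: a line with no leading timestamp continues the previous one."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if STAMP.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def summarize(text, year=2001):
    """Return warning count, (warnings, distinct sources) per listener, and gaps in seconds."""
    per_dst, times = defaultdict(Counter), []
    for rec in unwrap(text):
        m = WARN.match(rec)
        if not m:
            continue  # not a SYN flood warning
        per_dst[f"{m['dst']}:{m['port']}"][m["src"]] += 1
        stamp = " ".join(m["ts"].split())  # collapse syslog's padded day field
        times.append(datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S"))
    gaps = [int((b - a).total_seconds()) for a, b in zip(times, times[1:])]
    listeners = {d: (sum(c.values()), len(c)) for d, c in per_dst.items()}
    return {"warnings": len(times), "per_listener": listeners, "gaps_seconds": gaps}

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Source addresses in a SYN flood are commonly spoofed, so the per-listener source count is more useful for seeing which listeners are under pressure than for naming an attacker.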