Knowledgebase
I'm under a Syn Flooding attack from single IP
Posted by Professor 0110, 04-12-2009, 09:03 PM | Hi everyone,
My website has been under a constant Syn Flood DoS attack for the past few days. However, the attack originates from a single IP address that changes every few hours (Possibly a syn flood script with IP spoofing capabilities).
The Syn Flood attack isn't creating any spike whatsoever in my usage graphs, however, its still rather annoying. What firewall should I use to combat the DoS attack?
Thanks.
|
Posted by Host Our Web, 04-12-2009, 09:14 PM | a simple google search got these.
http://pikt.org/pikt/samples/iptable...grams.cfg.html
http://www.cyberciti.biz/tips/howto-...n-attacks.html
Also you may want to consider a host that protects against these sort of attacks.
|
Posted by hexahost, 04-13-2009, 02:01 AM | Use APF / CSF firewall. That would help you to easilly block the IP you want.
|
Posted by Deem3n®, 04-13-2009, 09:11 AM | You can try to write a script that will analyse the firewall logs or netstat activity and place the most active IPs to blacklist
|
Posted by JSHosts, 04-13-2009, 09:13 AM | If you're using Linux, I'd recommend APF with DoS-Deflate.
APF: http://www.rfxn.com/projects/advanced-policy-firewall/
DoS-Deflate: http://deflate.medialayer.com/
|
|
Add to Favourites
Print this Article |
Also Read