Shachar Shemesh wrote:
Hi all,
I have a very strange problem on a production server. The problem just
started, out of the blue, last night, and I am, so far, unable to
understand where it is coming from.
My Apache server, all of the sudden, won't handle more than one
connection every two seconds or so. Everybody else are stuck in
"SYN_RECEIVED" state. In other words, the connection never gets
established!
I feel somewhat ashamed of this one. I did not think an attack this old
was still effective against modern operating systems.
This is a simple, old fashioned, SYN attack. The server is being
bombarded by lots of SYN requests to port 80. A simple "echo 1 >
/proc/sys/net/ipv4/tcp_syncookies" solved it.
Ok, maybe "solved it" is not the right word. The server is still being
attacked. However, it is back online.
Shachar
=================================================================
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]
