Thanks, Tim. Can you find an example to display a SYN attack in Ganglia? I looked at Wiki Ganglia displays, but no example was apparent. It would help the majority if an example of the attack pattern were displayed.
No opinion on the case in this instance, but more information is better decision making. :D

On Apr 22, 2013, at 2:33 AM, Tim Starling wrote:

> On 22/04/13 15:34, Stephen Villano wrote:
>> First, have there been any configuration changes shortly before the
>> problem began? The first rule is "look for stupidity", as in an
>> error in configuration causing a self-DOS. Many of us have done
>> that to ourselves, to our embarrassment. If not, go with Tim's
>> suggestion and also look at squid's logs. Are you getting requests,
>> but no full session (SYN flood)?
>>
>> I'm on your site periodically. It's normally smoothly running,
>> since you went with Linode. The site is overall well behaved.
>> However, it is one that could easily become the target of a script
>> kiddie. So, do you have SYN cookies turned on?
>
> Most kinds of DoS attack, including SYN flooding, can be seen in
> Ganglia as a sharp increase in inbound network traffic, especially as
> measured by packet count (pkts_in).
>
> SYN cookies are definitely a good idea, regardless of whether an
> attack is underway. They are enabled by default in Ubuntu.
>
> -- Tim Starling

_______________________________________________
MediaWiki-l mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
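Added example, not part of the original thread: a Python sketch of the pattern discussed above, flagging a `pkts_in` spike made of small packets and counting half-open (SYN_RECV) sockets alongside the SYN cookie setting. The sample rates, the `/proc/net/tcp` rows, the function names and the thresholds (5x median, 100 bytes per packet) are constructed assumptions, and the median baseline assumes most samples are normal traffic.

```python
import os
from statistics import median

# Constructed samples, one per polling interval: (pkts_in, bytes_in) per second.
SAMPLES = [(410, 290_000), (395, 281_000), (430, 305_000), (402, 288_000),
           (9_800, 640_000), (15_200, 960_000), (14_900, 945_000), (420, 297_000)]

# Constructed /proc/net/tcp rows (header line omitted). Field 4 is the socket
# state in hex: 01 = ESTABLISHED, 03 = SYN_RECV, 0A = LISTEN.
PROC_NET_TCP = """\
   0: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000 0 0 1001
   1: 0A00000A:0050 C0000201:C1A2 01 00000000:00000000 00:00000000 00000000 33 0 1002
   2: 0A00000A:0050 C6336401:9C40 03 00000000:00000000 01:00000064 00000001 0 0 0
   3: 0A00000A:0050 C6336402:9C41 03 00000000:00000000 01:00000064 00000001 0 0 0
   4: 0A00000A:0050 C6336403:9C42 03 00000000:00000000 01:00000064 00000002 0 0 0
"""

def spike_intervals(samples, factor=5.0, max_avg_pkt_bytes=100):
    """Indexes where pkts_in jumps above factor x the median rate while the
    mean packet size stays small (bare SYNs carry no payload)."""
    baseline = median(pkts for pkts, _ in samples)
    return [i for i, (pkts, nbytes) in enumerate(samples)
            if pkts > factor * baseline and nbytes / pkts <= max_avg_pkt_bytes]

def count_syn_recv(proc_text):
    """Count half-open (SYN_RECV, state 03) sockets in /proc/net/tcp text."""
    rows = (line.split() for line in proc_text.splitlines())
    return sum(1 for f in rows if len(f) > 3 and f[3] == "03")

def syncookies_setting(path="/proc/sys/net/ipv4/tcp_syncookies"):
    """Return the sysctl value (0 = off, 1 = on under backlog pressure,
    2 = always) or None when the file is absent (non-Linux host)."""
    if not os.path.exists(path):
        return None
    with open(path) as fh:
        return int(fh.read().strip())

if __name__ == "__main__":
    print("spike intervals:", spike_intervals(SAMPLES))
    print("half-open sockets:", count_syn_recv(PROC_NET_TCP))
    print("tcp_syncookies:", syncookies_setting())
```

On a live Linux host, pass the contents of `/proc/net/tcp` to `count_syn_recv` and feed `spike_intervals` the rates exported from the monitoring system.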
