Questions tagged [flooding]

The tag has no usage guidance.

0 votes
0 answers

Automatic TCP SYN - cookie activation

I am simulating a SYN flood attack on a Raspberry Pi 1 with KALI Linux (ARM) installed. A similar message as mentioned in this post was printed after performing the attack: How to avoid syn cookies. ...
Gerry
  • 1
0 votes
2 answers

How to detect an intranet SYN flood?

I got this problem: whenever I plug a Linux-server into the intranet, the whole network slows down and then dies. Every ping/ssh connection between the intranet yields time out. I unplugged it, then ...
EyeQ Tech
  • 131
1 vote
0 answers

How can I block/ban an IP after a number of rejects on a mail server?

I found several attempts to use my email server as relay. The helo command was not coming from a FQDN and therefore the request got rejected. Is there a way to ban an IP address completely after a ...
zippy-flop
1 vote
1 answer

Block SYN,ACK response with iptables

I have a virtual environment and I am making a SYN flood attack to a Ubuntu Server's port 53 using Kali 2020. I realized that a countermeasure for this attack is to limit or block the responses to the ...
user568948
1 vote
2 answers

Too much ARP 60 Packets and Network is getting very slow

I am seeing too many ARP 60 packets from one IP in Wireshark. Our LAN is getting too slow, but the internet is working fine without any issues. But can't access local printers, file share etc. Am ...
Muneeb K
  • 111
1 vote
0 answers

SYNPROXY doesn't seem to be running

I have attempted to create iptables rules to prevent my server connections limit to be filled up with in-completed SYN packets for which no ACK packet is returned by the client (SYN flood attack). I ...
I'm Root James
3 votes
1 answer

MAC layer unicast flooding a switched network

The network in question: It is a fully switched network with no routing. There are no known RSPT problems. There are 10 small switches. Each small switch has many small industrial devices talking to ...
ugn
  • 31
0 votes
1 answer

iptables ... -j DROP appears to leave connections open?

So forgive me if this is a dumb question, I'm not much of a networking expert. A friend's server is being flooded by a certain IP, which is pretty obvious when looking at the output of tcptrace, as ...
DarkWiiPlayer
0 votes
0 answers

running snort and IGMP v2 flooding

I am not a network guru so please bear with me. I am running snort on a PLC (running rt-linux) along with an application that needs to communicate with another instance of the same application ...
awatan
  • 101
-1 votes
1 answer

Running tcpdump starts ssh flood

I have runtime Linux running in a PLC. My development machine is running Ubuntu 14.04. The PLC and the development machine are connected through a five port switch. I ssh to PLC from my development ...
awatan
  • 101
0 votes
1 answer

opnsense disable anti flood

I've just installed OPNSense; it's working ok, I can have traffic in/out, but when trying to use a sustained stream such as rtmp, it stops after a few kB. If I disable the firewall, the stream goes on,...
greg
  • 169
0 votes
0 answers

Nginx flooded by IP address that's not going away

We are using nginx and seem flooded by an IP address that's not going away even after putting it in firewall and using tcpkill. $ netstat -tn 2>/dev/null | grep :80 | awk '{print $5}' | cut -d:...
Mugoma J. Okomba
0 votes
0 answers

Network timeouts with CentOS 7 server running in the same network (Syn-Flooding)

As described above, I'm having problems with my network during my CentOS 7 running. When I first encountered problems with my network I tried to permanently run ping on the main router in the same ...
patvax
  • 151
2 votes
1 answer

TMG only windows 2008 r2 installing. NOT WORKING windows server 2012 r2

TMG Forefront only working windows server 2008 or 2008R2 - Not working windows server 2012. How to mitigation windows server 2012R2 - Flood attacks,http attacks ? Please help how to build windows ...
Ahmet Berk Başaran
0 votes
1 answer

High Traffic from Content Delivery Networks

I am having trouble on our school network recently. When browsing the internet users will often get an error from the browser saying "No Internet DNS_PROBE_FINISHED_NXDOMAIN" but when they refresh the ...
Joel Page
  • 113
-1 votes
1 answer

Apache being hit by requests (cpu 100%)

Recently we moved to a new host (DO) for one of my clients after being on a shared account. I was monitoring the CPU and it was always at 100%, knowing that the site doesn't get a lot of traffic, ...
Tarek
  • 101
2 votes
1 answer

Apache access.log flood with GET ...HTTP/1.1" requests

I have a server with Ubuntu 14.04, laravel 5.2 framework. In the last 24 hours somebody has continuously sent flood requests from different IP addresses as shown below (log/apache2/access.log): 198.46....
Petres Arpad
0 votes
1 answer

Fail2ban block on destination ip address

I have a server listening on multiple public ip addresses. When a certain situation occurs I want fail2ban to ban only on the specific ip address where the connection is attempted and not on the whole ...
Romeo Mihalcea
2 votes
2 answers

Linux bonding (balance-tlb), KVM guests and L2 switches = unicast flooding?

I have a unicast flooding problem on my network, that started when I moved some software to virtualized guests. It seems very similar to what reported here: Switch flooding when bonding interfaces in ...
z2k
  • 103
-1 votes
1 answer

can't block IP that is attacking one of my sites with xmlrpc.php attack

I'm at my wits' end right now. I have a wordpress site that thankfully is still just a blank template. Last week I saw it was being hammered by an IP from Lithuania and has been flagged ...
Tamerax
  • 15
4 votes
0 answers

Fail2ban floods and slow response time

I tried searching for this; I found many people asking but I wasn't successful in finding a working (for me) solution. I have an application that logs each connection on a custom log file. When ...
Ivan Maria Spadacenta
1 vote
0 answers

ICMP DDoS, proper ACL?

We are having about a 3-4Gbps ICMP flood on one of our servers and I wonder.. I have a 20gbps of DDoS protection but the protection seems ineffective against ICMP funnily (it worked well to block a ...
Yannick
  • 119
1 vote
1 answer

Strange NetBIOS query with old computer name

I've one computer in our network which I first named PC029. Shortly after I changed its name to PC021. This was more than a year ago. Today I've found (thanks to Wireshark) that this computer is ...
Farlop
  • 193
2 votes
0 answers

Protecting network from a broadcast storm

We have a flat office network tree built on a number of different ProCurve L2 and L3 GigE switches that spans some 300 ports. Today I found that one of the devices in the network for a short period of ...
Dima Chubarov
4 votes
1 answer

Finding google unusual traffic

We are a small Internet provider. In order to get Internet access we are using NAT (10-20 users per one public IP). And lately we've met with Google blocking services (captcha and full block) and we ...
Alex
  • 231
1 vote
2 answers

Firewall UDP Flood Dos/DDoS

Recently I have been suffering from what appears to be a UDP query flood attack. I am looking for a way to block the attack using a software firewall such as iptables, this should be possible, as ...
Bill Boverhaven
0 votes
1 answer

How to prevent TCP network flood triggered by KVM VPS clients?

How to protect nodes / detect and block KVM VPS clients that TCP flood the network? I use SolusVM VPS management system. Recently one abuser took several VPSs and flooded the datacenter network. ...
Blazer
  • 77
0 votes
1 answer

What is the best way to harden a postfix null client on an exploited php webserver?

We use postfix as a null client to send out mail from a php webserver via sendmail. We host our incoming mail servers elsewhere and use a SPF record to authorise the server to send emails from our ...
Phil
  • 157
2 votes
3 answers

IPTABLES block User-Agent

I get DDoS by the Wordpress Pingback BOTNET, now I want to block all clients who contain Wordpress in their Useragents. For example: WordPress/4.0;; verifying pingback from 107.158....
user3135461
0 votes
1 answer

Check if a constant file request is flooding the server

I'm new to this sort of thing so forgive me if I ask anything stupid. I am using moodle (open source LMS), it has a feature where you can upload a scorm package which requires a reliable internet ...
David North
-2 votes
1 answer

Why is there flooding on L2 but not on L3?

Why is it, that on L2 (when there is no MAC Table entry for a new packet) there is MAC Flooding. But at the same time on L3 there is an ARP request (when there is no entry in the ARP table for a new ...
Jimmy88
  • 341
1 vote
0 answers

How to block hping3 SYN ACK efficiently with iptables?

I'm trying to execute a TCP SYN flood on my Debian web server with nginx. Executing tcpdump "tcp[tcpflags] & (tcp-syn) != 0" while flooding, I see all packets coming. iptables seem to work well ...
Franzz
  • 11
1 vote
0 answers

ntopng: Host XXX.XXX.XXX.XXX is a flooder [NNN new flows in the last 3 sec]

I am exploring ntopng reports on my router and seeing, that one computer on my LAN is a flooder. ntopng says Host XXX.XXX.XXX.XXX is a flooder [NNN new flows in the last 3 sec] How to explore these ...
0 votes
1 answer

Strange TCP Flood / Flood from Port 445

Good Evening. Today I noticed a strange flood on a box that I am working with, here is a dump from tcpdump: 23:21:07.580917 IP (tos 0x0, ttl 64, id 5746, offset 0, flags [DF], proto TCP (6), length ...
David Bernard
5 votes
1 answer

every minute - possible SYN flooding on port 80

On our Linux server from time to time we get well known SYN flood message: possible SYN flooding on port 80 this is probably not an attack because website traffic is big. However from some time ...
Nick
  • 826
0 votes
0 answers

GET /wpad.dat entries flooding my access_log

I have a small LAN of some 30 users in it with proxy auto configuration enabled and working. Two of them are requesting wpad.dat file too rapidly at a pace of 30 times per second. - - [...
Aas
  • 318
1 vote
0 answers

Network flooded with LLC packet

Recently my network has been slow. From tcpdump I found a lot of frames with protocol LLC. A complete packet capture can be seen here: tcpdump result. Any hints on interpreting these packets?
riizzz
  • 11
0 votes
1 answer

How to detect malicious script in my CentOS server? [duplicate]

I am warned from my VPS provider that my server sends a lot of SSH SYN Attack to other servers, but I have no idea how to deal with it. Here's the detail my provider sent me: Where can I find the ...
WoooHaaaa
  • 1,615
1 vote
2 answers

Protection against scraping with nginx

This morning we had a crawler going nuts on our server hitting our site almost 100 times per second. We'd like to add a protection for this. I guess I'll have to use HttpLimitReqModule but I don't ...
bl0b
  • 139
1 vote
2 answers

Strange stream of HTTP GET requests in apache logs, from amazon ec2 instances

I just had a look at my apache logs, and I see a lot of very similar requests: GET / HTTP/1.1 User-Agent: curl/7.24.0 (i386-redhat-linux-gnu) libcurl/7.24.0 \ NSS/ zlib/1.2.5 libidn/1.18 ...
Alexandre Boeglin
2 votes
1 answer

How to protect from spoofed SYN flood on a Linux machine? [duplicate]

I have a server (2 x E2620, 32 GB RAM, Debian 6 Linux us-fw 2.6.32-5-amd64 #1 SMP Mon Feb 25 00:26:11 UTC 2013 x86_64 GNU/Linux, 10G Intel Ethernet Card). It has an Nginx proxy server inside. Idea is ...
Sergey Lensky
1 vote
1 answer

sudo passwd on Ubuntu 11.10 strange behavior. Have I been rooted?

I'm in a really strange situation. A few hours ago Rackspace issued a ticket saying there's an outbound flood originating from my server. Thinking the server might have been rooted with a rootkit I ...
qwexar
  • 111
0 votes
2 answers

iptables rules for botnet (UDP flood) protection

I'm currently experiencing a massive UDP attack on my server. I host a couple of gameservers, mainly Tf2, CS:GO, CS 1.6 and CS:Source, and my 1.6 server is being flooded. I tried different rules in ...
Petar Simeonov
2 votes
3 answers

Network flooded with seemingly empty packets

Let me preface this with the fact that I'm just a web developer at my company with little networking knowledge. Earlier today there was a department that lost all of their network connections so I ...
Adam Particka
0 votes
4 answers

apache being flooded?

I have a linux apache server which was running fine until a few days ago. What happened is from the access log there are lines like this, and the log file is growing by many lines every second. ...
Daniel
  • 23
2 votes
1 answer

Windows Server 2008: Limit UDP/TCP packets per IP or ban

How I can limit UDP/TCP packets per IP send to my host (or better PORT) per second or minute ? Would be nice to ban that IP for 12/24 hours or even for ever. I got Windows Server 2008 and I'm very ...
WBAR
  • 71
2 votes
1 answer

Mitigate HTTP connect floods with HAproxy + Apache

Our infrastructure consists of load balancers running HAProxy and Apache, which forward traffic to our app servers running just Apache. The past few days, we've been seeing connection floods which the ...
Christopher Armstrong
1 vote
1 answer

UDP flooding multiple servers [duplicate]

Possible Duplicate: What are the best techniques for preventing denial of service attacks? What do you suggest? Being UDP flooded as I write to multiple servers in different data centers in 5 ...
Chris Gurney
1 vote
1 answer

Why is FunWebProducts flooding my server?

I have received 47 000 hits in the past couple of hours from a single domain. I researched FunWebProducts but it seems to be some kind of a plugin, not sure how this is possible? - - [03/...
giorgio79
  • 1,837
0 votes
2 answers

IPTABLES for block sync flood over udp

I'm a victim of a sync flood attack over UDP port. This came from a lot of different IPs. The machine, a dedicated server, is an hlds game server, and the attacker overloads the UDP ports, this causes a ...
Kiwi
  • 33