  1. #1
    Just Joined!
    Join Date
    Sep 2004
    Posts
    1

    I found out the source of SYN FLOOD address, what can I do


    I found out the source of the SYN FLOOD address. How can I block it? What is the best way?
    Sep 18 11:11:48 web kernel: SYN flood: IN=eth0 OUT= MAC=00:11:2f:1c:b3:c6:00:05:dc:97:6d:3c:08:00 SRC=203.218.169.180 DST=xxx.xxx.xxx.xxx LEN=48 TOS=0x00 PREC=0x00 TTL=120 ID=1346 DF PROTO=TCP SPT=2621 DPT=80 WINDOW=64800 RES=0x00 SYN URGP=0
    Sep 18 11:11:43 web kernel: SYN flood: IN=eth0 OUT= MAC=00:11:2f:1c:b3:c6:00:05:dc:97:6d:3c:08:00 SRC=203.218.169.180 DST=xxx.xxx.xxx.xxx LEN=48 TOS=0x00 PREC=0x00 TTL=120 ID=1030 DF PROTO=TCP SPT=2580 DPT=80 WINDOW=64800 RES=0x00 SYN URGP=0
    Sep 18 11:11:43 web kernel: SYN flood: IN=eth0 OUT= MAC=00:11:2f:1c:b3:c6:00:05:dc:97:6d:3c:08:00 SRC=218.102.92.218 DST=xxx.xxx.xxx.xxx LEN=48 TOS=0x00 PREC=0x00 TTL=120 ID=21261 DF PROTO=TCP SPT=2566 DPT=80 WINDOW=16384 RES=0x00 SYN URGP=0
    Sep 18 11:11:43 web kernel: SYN flood: IN=eth0 OUT= MAC=00:11:2f:1c:b3:c6:00:05:dc:97:6d:3c:08:00 SRC=218.80.126.189 DST=xxx.xxx.xxx.xxx LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=46337 DF PROTO=TCP SPT=4847 DPT=80 WINDOW=64800 RES=0x00 SYN URGP=0
    Sep 18 11:11:43 web kernel: SYN flood: IN=eth0 OUT= MAC=00:11:2f:1c:b3:c6:00:05:dc:97:6d:3c:08:00 SRC=203.218.169.180 DST=xxx.xxx.xxx.xxx LEN=48 TOS=0x00 PREC=0x00 TTL=120 ID=1014 DF PROTO=TCP SPT=2578 DPT=80 WINDOW=64800 RES=0x00 SYN URGP=0


    This guy uses many different unreal IPs to attack my server ... but I know his MAC address now ... can I just block his MAC address in iptables?

  2. #2
    Just Joined!
    Join Date
    Sep 2004
    Location
    Deep within an underground fortress I am formulating my plans for global annihilation.
    Posts
    7
    Iptables can be used to filter MACs, but I don't think that's what you want to do.

    You see, when you send a packet, odds are it's going through a router, and that router stores the packet's MAC in what's called an ARP cache and then resends the packet with its own (the router's) MAC address. So if you do a traceroute to 203.218.169.180, the MAC will be from the last router to you but the IP will be from the originating PC.

    DoS attacks are illegal, and the proper way of dealing with this is to report the activity to your ISP or hosting company. They will find out who issues IPs in the 203.xxx.xxx.xxx and 218.xxx.xxx.xxx ranges and, with your logs and timestamps, find the script kiddie and make him stop by either stopping his service or reporting him to law enforcement. If they don't do anything, then you have a ****** service provider and should reconsider doing business with one that doesn't protect its customers' servers.
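The point about the MAC can be checked against the log itself. The following is an added example, not part of either post: it parses the five log lines from the first post, splits the `MAC=` field the way the netfilter LOG target prints it (destination MAC, source MAC, EtherType), and reports which source MACs appear behind more than one `SRC` address. Function names are chosen for this example.

```python
import re
from collections import Counter, defaultdict

# The five log lines from the first post (DST was already masked there).
LOG = """\
Sep 18 11:11:48 web kernel: SYN flood: IN=eth0 OUT= MAC=00:11:2f:1c:b3:c6:00:05:dc:97:6d:3c:08:00 SRC=203.218.169.180 DST=xxx.xxx.xxx.xxx LEN=48 TOS=0x00 PREC=0x00 TTL=120 ID=1346 DF PROTO=TCP SPT=2621 DPT=80 WINDOW=64800 RES=0x00 SYN URGP=0
Sep 18 11:11:43 web kernel: SYN flood: IN=eth0 OUT= MAC=00:11:2f:1c:b3:c6:00:05:dc:97:6d:3c:08:00 SRC=203.218.169.180 DST=xxx.xxx.xxx.xxx LEN=48 TOS=0x00 PREC=0x00 TTL=120 ID=1030 DF PROTO=TCP SPT=2580 DPT=80 WINDOW=64800 RES=0x00 SYN URGP=0
Sep 18 11:11:43 web kernel: SYN flood: IN=eth0 OUT= MAC=00:11:2f:1c:b3:c6:00:05:dc:97:6d:3c:08:00 SRC=218.102.92.218 DST=xxx.xxx.xxx.xxx LEN=48 TOS=0x00 PREC=0x00 TTL=120 ID=21261 DF PROTO=TCP SPT=2566 DPT=80 WINDOW=16384 RES=0x00 SYN URGP=0
Sep 18 11:11:43 web kernel: SYN flood: IN=eth0 OUT= MAC=00:11:2f:1c:b3:c6:00:05:dc:97:6d:3c:08:00 SRC=218.80.126.189 DST=xxx.xxx.xxx.xxx LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=46337 DF PROTO=TCP SPT=4847 DPT=80 WINDOW=64800 RES=0x00 SYN URGP=0
Sep 18 11:11:43 web kernel: SYN flood: IN=eth0 OUT= MAC=00:11:2f:1c:b3:c6:00:05:dc:97:6d:3c:08:00 SRC=203.218.169.180 DST=xxx.xxx.xxx.xxx LEN=48 TOS=0x00 PREC=0x00 TTL=120 ID=1014 DF PROTO=TCP SPT=2578 DPT=80 WINDOW=64800 RES=0x00 SYN URGP=0
"""

FIELD = re.compile(r"(\w+)=(\S*)")  # KEY=value pairs; OUT= has an empty value


def split_mac(mac_field):
    """Split the logged Ethernet header: dst MAC, src MAC, EtherType."""
    octets = mac_field.split(":")
    return ":".join(octets[:6]), ":".join(octets[6:12]), "".join(octets[12:14])


def summarize(log_text):
    """Count SYNs per SRC IP and collect the SRC IPs seen behind each source MAC."""
    syn_per_src = Counter()
    ips_per_mac = defaultdict(set)
    for line in log_text.splitlines():
        fields = dict(FIELD.findall(line))
        if "SRC" not in fields or "MAC" not in fields:
            continue  # not a netfilter LOG line
        _dst_mac, src_mac, _ethertype = split_mac(fields["MAC"])
        syn_per_src[fields["SRC"]] += 1
        ips_per_mac[src_mac].add(fields["SRC"])
    return syn_per_src, ips_per_mac


def forwarding_macs(ips_per_mac):
    """Source MACs carrying more than one SRC IP: a router hop, not one host."""
    return {mac: sorted(ips) for mac, ips in ips_per_mac.items() if len(ips) > 1}


if __name__ == "__main__":
    counts, by_mac = summarize(LOG)
    for ip, n in counts.most_common():
        print(f"{n:3d} SYN  {ip}")
    for mac, ips in forwarding_macs(by_mac).items():
        print(f"{mac} fronts {len(ips)} source IPs: a MAC rule would drop all of "
              "them and everything else arriving through that hop")
```

In these lines the first six octets are the server's own interface and the next six are the same for every source address, which is what a packet forwarded by the upstream router looks like.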
