
R: Is someone hacking me ?

To: "'lvs-users@xxxxxxxxxxxxxxxxxxxxxx'" <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: R: Is someone hacking me ?
From: "Grilli, Diego" <dgrilli@xxxxxxxxxx>
Date: Wed, 18 Dec 2002 18:08:22 +0100
Only DoS.



-----Original Message-----
From: Malcolm Turnbull [mailto:Malcolm.Turnbull@xxxxxxxxxxxx]
Sent: 18 December 2002 18:11
To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx; Ca Phun Ung
Subject: Is someone hacking me ?




I just got a large spike in traffic, approx. 10 connections per second, from:

TCP 00:25 FIN_WAIT cache10.drkw.com:49470 192.168.1.13:http 192.168.1.7:http
TCP 00:24 FIN_WAIT cache10.drkw.com:49441 192.168.1.13:http 192.168.1.4:http
TCP 00:26 FIN_WAIT cache10.drkw.com:49440 192.168.1.13:http 192.168.1.7:http
TCP 00:24 FIN_WAIT cache10.drkw.com:49442 192.168.1.13:http 192.168.1.4:http
TCP 01:47 FIN_WAIT cache10.drkw.com:53541 192.168.1.13:http 192.168.1.6:http

etc...

All the connections are showing as inactive...
So I assume http://www.drkw.com/ has been hacked and the hacker is 
targeting me ?

Can someone explain how the DOS protection stuff works and what would 
you suggest using to limit bursts like this ?

10 connections a second is not a problem but it just got me worried :-).





-- 


Regards,

Malcolm Turnbull.

Crocus.co.uk Ltd
01344 629629
http://www.crocus.co.uk/






_______________________________________________
LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://www.in-addr.de/mailman/listinfo/lvs-users

