LVS
lvs-users
Google
 
Web LinuxVirtualServer.org

Is someone hacking me ?

To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx, "Ca Phun Ung" <caphun.ung@xxxxxxxxxxxx>
Subject: Is someone hacking me ?
From: Malcolm Turnbull <Malcolm.Turnbull@xxxxxxxxxxxx>
Date: Wed, 18 Dec 2002 17:10:33 +0000

I just got a large spike in traffic approx 10 connections per second from :

TCP 00:25 FIN_WAIT cache10.drkw.com:49470 192.168.1.13:http 192.168.1.7:http
TCP 00:24 FIN_WAIT cache10.drkw.com:49441 192.168.1.13:http 192.168.1.4:http
TCP 00:26 FIN_WAIT cache10.drkw.com:49440 192.168.1.13:http 192.168.1.7:http
TCP 00:24 FIN_WAIT cache10.drkw.com:49442 192.168.1.13:http 192.168.1.4:http
TCP 01:47 FIN_WAIT cache10.drkw.com:53541 192.168.1.13:http 192.168.1.6:http

etc...

All the connections are showing as inactive...
So I assume http://www.drkw.com/ has been hacked and the hacker is targeting me ?

Can someone explain how the DOS protection stuff works and what would you sugest using to limit bursts like this ?

10 connections a second is not a problem but it just got me worried :-).





--


Regards,

Malcolm Turnbull.

Crocus.co.uk Ltd
01344 629629
http://www.crocus.co.uk/







<Prev in Thread] Current Thread [Next in Thread>