Thread: Help on "Port Flood"
-
03-24-2014, 12:56 AM #1 WHT Addict
- Join Date
- Nov 2009
- Posts
- 148
Help on "Port Flood"
I am using csf on my server, and I have too many messages about port flood in my /var/log/messages.
The server has detected a flood attack, but the attacker IPs are not blocked on the server.
How can I change the server settings to auto-block attacker IPs?
Code:
Mar 24 09:20:53 static kernel: [ 312.032093] Firewall: *Port Flood* IN=eth0 OUT= MAC=30:85:a9:a9:56:9e:78:fe:3d:43:71:0d:08:00 SRC=46.4.214.116 DST=5.9.148.79 LEN=60 TOS=0x00 PREC=0x00 TTL=58 ID=39669 DF PROTO=TCP SPT=43929 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 24 09:20:55 static kernel: [ 314.052981] Firewall: *Port Flood* IN=eth0 OUT= MAC=30:85:a9:a9:56:9e:78:fe:3d:43:71:0d:08:00 SRC=2.180.181.111 DST=5.9.148.79 LEN=48 TOS=0x00 PREC=0x00 TTL=111 ID=46564 DF PROTO=TCP SPT=2619 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0
Mar 24 09:20:57 static kernel: [ 316.166741] Firewall: *Port Flood* IN=eth0 OUT= MAC=30:85:a9:a9:56:9e:78:fe:3d:43:71:0d:08:00 SRC=65.49.68.196 DST=5.9.148.79 LEN=48 TOS=0x00 PREC=0x00 TTL=117 ID=35650 DF PROTO=TCP SPT=18040 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 24 09:20:59 static kernel: [ 318.028172] Firewall: *Port Flood* IN=eth0 OUT= MAC=30:85:a9:a9:56:9e:78:fe:3d:43:71:0d:08:00 SRC=46.4.214.116 DST=5.9.148.79 LEN=60 TOS=0x00 PREC=0x00 TTL=58 ID=39670 DF PROTO=TCP SPT=43929 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 24 09:21:01 static kernel: [ 320.090812] Firewall: *Port Flood* IN=eth0 OUT= MAC=30:85:a9:a9:56:9e:78:fe:3d:43:71:0d:08:00 SRC=2.180.181.111 DST=5.9.148.79 LEN=48 TOS=0x00 PREC=0x00 TTL=111 ID=47500 DF PROTO=TCP SPT=2619 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0
Mar 24 09:21:03 static kernel: [ 322.162870] Firewall: *Port Flood* IN=eth0 OUT= MAC=30:85:a9:a9:56:9e:78:fe:3d:43:71:0d:08:00 SRC=65.49.68.196 DST=5.9.148.79 LEN=48 TOS=0x00 PREC=0x00 TTL=117 ID=35652 DF PROTO=TCP SPT=18040 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 24 09:21:06 static kernel: [ 325.160926] Firewall: *Port Flood* IN=eth0 OUT= MAC=30:85:a9:a9:56:9e:78:fe:3d:43:71:0d:08:00 SRC=65.49.68.196 DST=5.9.148.79 LEN=48 TOS=0x00 PREC=0x00 TTL=117 ID=35653 DF PROTO=TCP SPT=18040 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 24 09:21:09 static kernel: [ 328.158940] Firewall: *Port Flood* IN=eth0 OUT= MAC=30:85:a9:a9:56:9e:78:fe:3d:43:71:0d:08:00 SRC=65.49.68.196 DST=5.9.148.79 LEN=48 TOS=0x00 PREC=0x00 TTL=117 ID=35654 DF PROTO=TCP SPT=18040 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 24 09:21:09 static kernel: [ 328.308952] Firewall: *Port Flood* IN=eth0 OUT= MAC=30:85:a9:a9:56:9e:78:fe:3d:43:71:0d:08:00 SRC=65.49.68.196 DST=5.9.148.79 LEN=48 TOS=0x00 PREC=0x00 TTL=117 ID=51747 DF PROTO=TCP SPT=18233 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 24 09:21:11 static kernel: [ 330.021119] Firewall: *Port Flood* IN=eth0 OUT= MAC=30:85:a9:a9:56:9e:78:fe:3d:43:71:0d:08:00 SRC=46.4.214.116 DST=5.9.148.79 LEN=60 TOS=0x00 PREC=0x00 TTL=58 ID=39671 DF PROTO=TCP SPT=43929 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 24 09:21:13 static kernel: [ 332.056304] Firewall: *Port Flood* IN=eth0 OUT= MAC=30:85:a9:a9:56:9e:78:fe:3d:43:71:0d:08:00 SRC=2.180.181.111 DST=5.9.148.79 LEN=48 TOS=0x00 PREC=0x00 TTL=112 ID=50292 DF PROTO=TCP SPT=2730 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0
Mar 24 09:21:15 static kernel: [ 334.659677] Firewall: *Port Flood* IN=eth0 OUT= MAC=30:85:a9:a9:56:9e:78:fe:3d:43:71:0d:08:00 SRC=2.180.181.111 DST=5.9.148.79 LEN=48 TOS=0x00 PREC=0x00 TTL=111 ID=50701 DF PROTO=TCP SPT=2725 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0
Mar 24 09:21:17 static kernel: [ 336.973534] Firewall: *Port Flood* IN=eth0 OUT= MAC=30:85:a9:a9:56:9e:78:fe:3d:43:71:0d:08:00 SRC=31.41.216.125 DST=5.9.148.79 LEN=52 TOS=0x00 PREC=0x00 TTL=120 ID=8572 DF PROTO=TCP SPT=65290 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0
Mar 24 09:21:19 static kernel: [ 338.886792] Firewall: *Port Flood* IN=eth0 OUT= MAC=30:85:a9:a9:56:9e:78:fe:3d:43:71:0d:08:00 SRC=46.4.214.116 DST=5.9.148.79 LEN=60 TOS=0x00 PREC=0x00 TTL=58 ID=27693 DF PROTO=TCP SPT=34087 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 24 09:21:21 static kernel: [ 340.590205] Firewall: *Port Flood* IN=eth0 OUT= MAC=30:85:a9:a9:56:9e:78:fe:3d:43:71:0d:08:00 SRC=2.180.181.111 DST=5.9.148.79 LEN=48 TOS=0x00 PREC=0x00 TTL=111 ID=52273 DF PROTO=TCP SPT=2725 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0
Mar 24 09:21:23 static kernel: [ 342.970172] Firewall: *Port Flood* IN=eth0 OUT= MAC=30:85:a9:a9:56:9e:78:fe:3d:43:71:0d:08:00 SRC=31.41.216.125 DST=5.9.148.79 LEN=48 TOS=0x00 PREC=0x00 TTL=120 ID=19406 DF PROTO=TCP SPT=65290 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0
Mar 24 09:21:27 static kernel: [ 346.172557] Firewall: *Port Flood* IN=eth0 OUT= MAC=30:85:a9:a9:56:9e:78:fe:3d:43:71:0d:08:00 SRC=46.4.214.116 DST=5.9.148.79 LEN=60 TOS=0x00 PREC=0x00 TTL=58 ID=22488 DF PROTO=TCP SPT=59986 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 24 09:21:27 static kernel: [ 346.185637] Firewall: *Port Flood* IN=eth0 OUT= MAC=30:85:a9:a9:56:9e:78:fe:3d:43:71:0d:08:00 SRC=46.4.214.116 DST=5.9.148.79 LEN=60 TOS=0x00 PREC=0x00 TTL=58 ID=35338 DF PROTO=TCP SPT=48444 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 24 09:21:31 static kernel: [ 350.879929] Firewall: *Port Flood* IN=eth0 OUT= MAC=30:85:a9:a9:56:9e:78:fe:3d:43:71:0d:08:00 SRC=46.4.214.116 DST=5.9.148.79 LEN=60 TOS=0x00 PREC=0x00 TTL=58 ID=27694 DF PROTO=TCP SPT=34087 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 24 09:21:31 static kernel: [ 350.887294] Firewall: *Port Flood* IN=eth0 OUT= MAC=30:85:a9:a9:56:9e:78:fe:3d:43:71:0d:08:00 SRC=46.4.214.116 DST=5.9.148.79 LEN=60 TOS=0x00 PREC=0x00 TTL=58 ID=45412 DF PROTO=TCP SPT=45112 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 24 09:21:33 static kernel: [ 352.182521] Firewall: *Port Flood* IN=eth0 OUT= MAC=30:85:a9:a9:56:9e:78:fe:3d:43:71:0d:08:00 SRC=46.4.214.116 DST=5.9.148.79 LEN=60 TOS=0x00 PREC=0x00 TTL=58 ID=35339 DF PROTO=TCP SPT=48444 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 24 09:21:35 static kernel: [ 354.008139] Firewall: *Port Flood* IN=eth0 OUT= MAC=30:85:a9:a9:56:9e:78:fe:3d:43:71:0d:08:00 SRC=46.4.214.116 DST=5.9.148.79 LEN=60 TOS=0x00 PREC=0x00 TTL=58 ID=39672 DF PROTO=TCP SPT=43929 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 24 09:21:39 static kernel: [ 358.021982] Firewall: *Port Flood* IN=eth0 OUT= MAC=30:85:a9:a9:56:9e:78:fe:3d:43:71:0d:08:00 SRC=31.41.216.125 DST=5.9.148.79 LEN=52 TOS=0x00 PREC=0x00 TTL=120 ID=11885 DF PROTO=TCP SPT=52531 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0
Mar 24 09:21:39 static kernel: [ 358.711187] Firewall: *Port Flood* IN=eth0 OUT= MAC=30:85:a9:a9:56:9e:78:fe:3d:43:71:0d:08:00 SRC=46.4.214.116 DST=5.9.148.79 LEN=60 TOS=0x00 PREC=0x00 TTL=58 ID=29611 DF PROTO=TCP SPT=57342 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 24 09:21:42 static kernel: [ 361.709390] Firewall: *Port Flood* IN=eth0 OUT= MAC=30:85:a9:a9:56:9e:78:fe:3d:43:71:0d:08:00 SRC=46.4.214.116 DST=5.9.148.79 LEN=60 TOS=0x00 PREC=0x00 TTL=58 ID=47165 DF PROTO=TCP SPT=41004 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 24 09:21:45 static kernel: [ 364.018473] Firewall: *Port Flood* IN=eth0 OUT= MAC=30:85:a9:a9:56:9e:78:fe:3d:43:71:0d:08:00 SRC=31.41.216.125 DST=5.9.148.79 LEN=48 TOS=0x00 PREC=0x00 TTL=120 ID=23854 DF PROTO=TCP SPT=52531 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0
Mar 24 09:21:45 static kernel: [ 364.175601] Firewall: *Port Flood* IN=eth0 OUT= MAC=30:85:a9:a9:56:9e:78:fe:3d:43:71:0d:08:00 SRC=46.4.214.116 DST=5.9.148.79 LEN=60 TOS=0x00 PREC=0x00 TTL=58 ID=35340 DF PROTO=TCP SPT=48444 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 24 09:21:47 static kernel: [ 366.739084] Firewall: *Port Flood* IN=eth0 OUT= MAC=30:85:a9:a9:56:9e:78:fe:3d:43:71:0d:08:00 SRC=46.4.214.116 DST=5.9.148.79 LEN=60 TOS=0x00 PREC=0x00 TTL=58 ID=47946 DF PROTO=TCP SPT=53249 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 24 09:21:50 static kernel: [ 369.736617] Firewall: *Port Flood* IN=eth0 OUT= MAC=30:85:a9:a9:56:9e:78:fe:3d:43:71:0d:08:00 SRC=46.4.214.116 DST=5.9.148.79 LEN=60 TOS=0x00 PREC=0x00 TTL=58 ID=47947 DF PROTO=TCP SPT=53249 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 24 09:21:52 static kernel: [ 371.875413] Firewall: *Port Flood* IN=eth0 OUT= MAC=30:85:a9:a9:56:9e:78:fe:3d:43:71:0d:08:00 SRC=46.4.214.116 DST=5.9.148.79 LEN=60 TOS=0x00 PREC=0x00 TTL=58 ID=45415 DF PROTO=TCP SPT=45112 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 24 09:21:54 static kernel: [ 373.176620] Firewall: *Port Flood* IN=eth0 OUT= MAC=30:85:a9:a9:56:9e:78:fe:3d:43:71:0d:08:00 SRC=46.4.214.116 DST=5.9.148.79 LEN=60 TOS=0x00 PREC=0x00 TTL=58 ID=30408 DF PROTO=TCP SPT=53018 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 24 09:21:55 static kernel: [ 374.866796] Firewall: *Port Flood* IN=eth0 OUT= MAC=30:85:a9:a9:56:9e:78:fe:3d:43:71:0d:08:00 SRC=46.4.214.116 DST=5.9.148.79 LEN=60 TOS=0x00 PREC=0x00 TTL=58 ID=27695 DF PROTO=TCP SPT=34087 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 24 09:21:57 static kernel: [ 376.046139] Firewall: *Port Flood* IN=eth0 OUT= MAC=30:85:a9:a9:56:9e:78:fe:3d:43:71:0d:08:00 SRC=31.41.216.125 DST=5.9.148.79 LEN=52 TOS=0x00 PREC=0x00 TTL=120 ID=11587 DF PROTO=TCP SPT=56641 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0
Mar 24 09:22:00 static kernel: [ 379.059718] Firewall: *Port Flood* IN=eth0 OUT= MAC=30:85:a9:a9:56:9e:78:fe:3d:43:71:0d:08:00 SRC=31.41.216.125 DST=5.9.148.79 LEN=52 TOS=0x00 PREC=0x00 TTL=120 ID=16619 DF PROTO=TCP SPT=56641 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0
Mar 24 09:22:01 static kernel: [ 380.872126] Firewall: *Port Flood* IN=eth0 OUT= MAC=30:85:a9:a9:56:9e:78:fe:3d:43:71:0d:08:00 SRC=46.4.214.116 DST=5.9.148.79 LEN=60 TOS=0x00 PREC=0x00 TTL=58 ID=47038 DF PROTO=TCP SPT=57376 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 24 09:22:03 static kernel: [ 382.697041] Firewall: *Port Flood* IN=eth0 OUT= MAC=30:85:a9:a9:56:9e:78:fe:3d:43:71:0d:08:00 SRC=46.4.214.116 DST=5.9.148.79 LEN=60 TOS=0x00 PREC=0x00 TTL=58 ID=29612 DF PROTO=TCP SPT=57342 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 24 09:22:06 static kernel: [ 385.063032] Firewall: *Port Flood* IN=eth0 OUT= MAC=30:85:a9:a9:56:9e:78:fe:3d:43:71:0d:08:00 SRC=31.41.216.125 DST=5.9.148.79 LEN=48 TOS=0x00 PREC=0x00 TTL=120 ID=25023 DF PROTO=TCP SPT=56641 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0
Mar 24 09:22:08 static kernel: [ 387.725912] Firewall: *Port Flood* IN=eth0 OUT= MAC=30:85:a9:a9:56:9e:78:fe:3d:43:71:0d:08:00 SRC=46.4.214.116 DST=5.9.148.79 LEN=60 TOS=0x00 PREC=0x00 TTL=58 ID=47949 DF PROTO=TCP SPT=53249 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 24 09:22:09 static kernel: [ 388.161992] Firewall: *Port Flood* IN=eth0 OUT= MAC=30:85:a9:a9:56:9e:78:fe:3d:43:71:0d:08:00 SRC=46.4.214.116 DST=5.9.148.79 LEN=60 TOS=0x00 PREC=0x00 TTL=58 ID=35341 DF PROTO=TCP SPT=48444 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 24 09:22:11 static kernel: [ 390.726273] Firewall: *Port Flood* IN=eth0 OUT= MAC=30:85:a9:a9:56:9e:78:fe:3d:43:71:0d:08:00 SRC=46.4.214.116 DST=5.9.148.79 LEN=60 TOS=0x00 PREC=0x00 TTL=58 ID=22295 DF PROTO=TCP SPT=54678 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 24 09:22:13 static kernel: [ 392.865895] Firewall: *Port Flood* IN=eth0 OUT= MAC=30:85:a9:a9:56:9e:78:fe:3d:43:71:0d:08:00 SRC=46.4.214.116 DST=5.9.148.79 LEN=60 TOS=0x00 PREC=0x00 TTL=58 ID=47039 DF PROTO=TCP SPT=57376 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 24 09:22:16 static kernel: [ 395.861363] Firewall: *Port Flood* IN=eth0 OUT= MAC=30:85:a9:a9:56:9e:78:fe:3d:43:71:0d:08:00 SRC=46.4.214.116 DST=5.9.148.79 LEN=60 TOS=0x00 PREC=0x00 TTL=58 ID=45416 DF PROTO=TCP SPT=45112 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 24 09:22:17 static kernel: [ 396.723734] Firewall: *Port Flood* IN=eth0 OUT= MAC=30:85:a9:a9:56:9e:78:fe:3d:43:71:0d:08:00 SRC=46.4.214.116 DST=5.9.148.79 LEN=60 TOS=0x00 PREC=0x00 TTL=58 ID=22296 DF PROTO=TCP SPT=54678 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 24 09:22:21 static kernel: [ 400.122561] Firewall: *Port Flood* IN=eth0 OUT= MAC=30:85:a9:a9:56:9e:78:fe:3d:43:71:0d:08:00 SRC=31.41.216.125 DST=5.9.148.79 LEN=52 TOS=0x00 PREC=0x00 TTL=120 ID=14230 DF PROTO=TCP SPT=60081 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0
Mar 24 09:22:24 static kernel: [ 403.690692] Firewall: *Port Flood* IN=eth0 OUT= MAC=30:85:a9:a9:56:9e:78:fe:3d:43:71:0d:08:00 SRC=46.4.214.116 DST=5.9.148.79 LEN=60 TOS=0x00 PREC=0x00 TTL=58 ID=28404 DF PROTO=TCP SPT=45043 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 24 09:22:27 static kernel: [ 406.162219] Firewall: *Port Flood* IN=eth0 OUT= MAC=30:85:a9:a9:56:9e:78:fe:3d:43:71:0d:08:00 SRC=31.41.216.125 DST=5.9.148.79 LEN=48 TOS=0x00 PREC=0x00 TTL=120 ID=23932 DF PROTO=TCP SPT=60081 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0
Mar 24 09:22:29 static kernel: [ 408.715627] Firewall: *Port Flood* IN=eth0 OUT= MAC=30:85:a9:a9:56:9e:78:fe:3d:43:71:0d:08:00 SRC=46.4.214.116 DST=5.9.148.79 LEN=60 TOS=0x00 PREC=0x00 TTL=58 ID=22297 DF PROTO=TCP SPT=54678 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 24 09:22:29 static kernel: [ 408.717716] Firewall: *Port Flood* IN=eth0 OUT= MAC=30:85:a9:a9:56:9e:78:fe:3d:43:71:0d:08:00 SRC=46.4.214.116 DST=5.9.148.79 LEN=60 TOS=0x00 PREC=0x00 TTL=58 ID=56185 DF PROTO=TCP SPT=47089 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 24 09:22:30 static kernel: [ 409.155634] Firewall: *Port Flood* IN=eth0 OUT= MAC=30:85:a9:a9:56:9e:78:fe:3d:43:71:0d:08:00 SRC=46.4.214.116 DST=5.9.148.79 LEN=60 TOS=0x00 PREC=0x00 TTL=58 ID=30410 DF PROTO=TCP SPT=53018 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 24 09:22:32 static kernel: [ 411.711857] Firewall: *Port Flood* IN=eth0 OUT= MAC=30:85:a9:a9:56:9e:78:fe:3d:43:71:0d:08:00 SRC=46.4.214.116 DST=5.9.148.79 LEN=60 TOS=0x00 PREC=0x00 TTL=58 ID=47950 DF PROTO=TCP SPT=53249 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 24 09:22:37 static kernel: [ 416.850970] Firewall: *Port Flood* IN=eth0 OUT= MAC=30:85:a9:a9:56:9e:78:fe:3d:43:71:0d:08:00 SRC=46.4.214.116 DST=5.9.148.79 LEN=60 TOS=0x00 PREC=0x00 TTL=58 ID=47040 DF PROTO=TCP SPT=57376 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 24 09:22:39 static kernel: [ 418.151557] Firewall: *Port Flood* IN=eth0 OUT= MAC=30:85:a9:a9:56:9e:78:fe:3d:43:71:0d:08:00 SRC=31.41.216.125 DST=5.9.148.79 LEN=52 TOS=0x00 PREC=0x00 TTL=120 ID=8427 DF PROTO=TCP SPT=63678 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0
Mar 24 09:22:41 static kernel: [ 420.393447] Firewall: *Port Flood* IN=eth0 OUT= MAC=30:85:a9:a9:56:9e:78:fe:3d:43:71:0d:08:00 SRC=65.49.68.167 DST=5.9.148.79 LEN=48 TOS=0x00 PREC=0x00 TTL=117 ID=21191 DF PROTO=TCP SPT=52771 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 24 09:22:42 static kernel: [ 421.232595] Firewall: *Port Flood* IN=eth0 OUT= MAC=30:85:a9:a9:56:9e:78:fe:3d:43:71:0d:08:00 SRC=31.41.216.125 DST=5.9.148.79 LEN=52 TOS=0x00 PREC=0x00 TTL=120 ID=13441 DF PROTO=TCP SPT=63678 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0
Mar 24 09:22:43 static kernel: [ 422.392906] Firewall: *Port Flood* IN=eth0 OUT= MAC=30:85:a9:a9:56:9e:78:fe:3d:43:71:0d:08:00 SRC=65.49.68.167 DST=5.9.148.79 LEN=48 TOS=0x00 PREC=0x00 TTL=117 ID=21192 DF PROTO=TCP SPT=52771 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 24 09:22:45 static kernel: [ 424.771248] Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=30:85:a9:a9:56:9e:78:fe:3d:43:71:0d:08:00 SRC=178.122.86.103 DST=5.9.148.79 LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=27095 DF PROTO=TCP SPT=64226 DPT=19568 WINDOW=8192 RES=0x00 SYN URGP=0
Mar 24 09:22:46 static kernel: [ 425.391021] Firewall: *Port Flood* IN=eth0 OUT= MAC=30:85:a9:a9:56:9e:78:fe:3d:43:71:0d:08:00 SRC=65.49.68.167 DST=5.9.148.79 LEN=48 TOS=0x00 PREC=0x00 TTL=117 ID=21193 DF PROTO=TCP SPT=52771 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 24 09:22:47 static kernel: [ 426.745152] Firewall: *TCP_IN Blocked* IN=eth0 OUT= MAC=30:85:a9:a9:56:9e:78:fe:3d:43:71:0d:08:00 SRC=178.122.86.103 DST=5.9.148.79 LEN=48 TOS=0x00 PREC=0x00 TTL=117 ID=30141 DF PROTO=TCP SPT=64226 DPT=19568 WINDOW=8192 RES=0x00 SYN URGP=0
-
03-24-2014, 01:57 AM #2 Web Hosting Master
- Join Date
- May 2011
- Location
- /root
- Posts
- 630
You can use CSF to block these. Please check http://configserver.com/free/csf/readme.txt and look out for the PORTFLOOD section.
-
03-24-2014, 02:30 AM #3 WHT Addict
- Join Date
- Nov 2009
- Posts
- 148
Thank you.
A setting of PORTFLOOD = "22;tcp;5;300,80;tcp;20;5" means:
If more than 5 connections to tcp port 22 within 300 seconds, then block
that IP address from port 22 for at least 300 seconds after the last packet is
seen
How can I block this IP for one day if there are more than 5 connections to tcp port 22 within 300 seconds?
-
03-24-2014, 02:31 AM #4 WHT Addict
- Join Date
- Nov 2009
- Posts
- 148
Another question: how can I understand which port is under flood now?
-
03-24-2014, 03:01 AM #5 Disabled
- Join Date
- Oct 2013
- Posts
- 253
First, check the server for which ports are open.
Once done, you can see the port having high connections using netstat.
I see it's on port 80 where flooding is taking place, from the logs you have pasted.
-
03-24-2014, 03:01 AM #6 Web Hosting Guru
- Join Date
- Jan 2014
- Location
- Romania
- Posts
- 297
SRC=46.4.214.116 DST=5.9.148.79 LEN=60 TOS=0x00 PREC=0x00 TTL=58 ID=47950 DF PROTO=TCP SPT=53249 DPT=80 WINDOW=5840 RES=0x00 SYN
Source IP is 46.4.214.116, destination IP is 5.9.148.79, source port is 53249, destination port is 80, TCP packet is SYN.
http://en.wikipedia.org/wiki/SYN_flood
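Added example, not part of the original thread: a small parser for the `Firewall: *Port Flood*` log format shown above that tallies logged packets per destination port and per source, which answers "which port is under flood" directly from /var/log/messages. The sample lines are constructed (MAC and some fields omitted, RFC 5737 documentation addresses), and the function names are this example's own.

```python
import re
from collections import Counter

# Constructed sample in the thread's csf/iptables LOG format (shortened);
# addresses are RFC 5737 documentation ranges, not hosts from the thread.
SAMPLE_LOG = """\
Mar 24 09:20:53 static kernel: [ 312.03] Firewall: *Port Flood* IN=eth0 OUT= SRC=192.0.2.10 DST=203.0.113.5 LEN=60 TTL=58 ID=1 DF PROTO=TCP SPT=43929 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 24 09:20:55 static kernel: [ 314.05] Firewall: *Port Flood* IN=eth0 OUT= SRC=192.0.2.10 DST=203.0.113.5 LEN=60 TTL=58 ID=2 DF PROTO=TCP SPT=43930 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 24 09:20:57 static kernel: [ 316.16] Firewall: *Port Flood* IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.5 LEN=48 TTL=117 ID=3 DF PROTO=TCP SPT=18040 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 24 09:20:59 static kernel: [ 318.02] Firewall: *Port Flood* IN=eth0 OUT= SRC=192.0.2.10 DST=203.0.113.5 LEN=60 TTL=58 ID=4 DF PROTO=TCP SPT=43931 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 24 09:21:01 static kernel: [ 320.09] Firewall: *TCP_IN Blocked* IN=eth0 OUT= SRC=198.51.100.99 DST=203.0.113.5 LEN=52 TTL=117 ID=5 DF PROTO=TCP SPT=64226 DPT=19568 WINDOW=8192 RES=0x00 SYN URGP=0
Mar 24 09:21:03 static kernel: [ 322.16] Firewall: *Port Flood* IN=eth0 OUT= SRC=192.0.2.10 DST=203.0.113.5 LEN=60 TTL=58 ID=6 DF PROTO=TCP SPT=50022 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 24 09:21:10 static kernel: [ 329.00] Firewall: *Port Flood* IN=eth0 OUT= SRC=192.0.2.10 DST=203.0
"""

LINE_RE = re.compile(r"Firewall: \*(?P<tag>[^*]+)\* (?P<fields>.*)$")

def parse_line(line):
    """Return (tag, fields) for a 'Firewall: *tag*' log line, else None."""
    m = LINE_RE.search(line)
    if not m:
        return None
    fields, flags = {}, []
    for token in m.group("fields").split():
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value      # KEY=value pair (value may be empty, e.g. OUT=)
        else:
            flags.append(key)        # bare token such as DF or SYN
    fields["FLAGS"] = flags
    return m.group("tag"), fields

def flood_summary(log_text, tag="Port Flood"):
    """Count packets logged under `tag` per (proto, port) and per source."""
    by_port, by_source = Counter(), Counter()
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None or parsed[0] != tag:
            continue
        f = parsed[1]
        # Skip truncated lines instead of guessing the missing fields.
        if "SRC" not in f or "PROTO" not in f or not f.get("DPT", "").isdigit():
            continue
        port = (f["PROTO"].lower(), int(f["DPT"]))
        by_port[port] += 1
        by_source[(port, f["SRC"])] += 1
    return by_port, by_source

if __name__ == "__main__":
    ports, sources = flood_summary(SAMPLE_LOG)
    for (proto, dpt), n in ports.most_common():
        print(f"{proto}/{dpt}: {n} logged packets")
    for ((proto, dpt), src), n in sources.most_common(5):
        print(f"  {src} -> {proto}/{dpt}: {n}")
```

The counts cover only packets the firewall logged, and csf rate-limits its log rules, so treat them as a lower bound on the real packet rate.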
-
03-24-2014, 03:30 AM #7 WHT Addict
- Join Date
- Nov 2009
- Posts
- 148
How can I understand which site is under attack?
-
03-24-2014, 03:34 AM #8 Disabled
- Join Date
- Oct 2013
- Posts
- 253
You can monitor the Apache logs.
If it's a cPanel server you can use
tail -f /usr/local/apache/logs/error_logs and monitor the entries and check out
-
03-24-2014, 04:37 AM #9 Aspiring Evangelist
- Join Date
- Mar 2009
- Location
- /home/khunj
- Posts
- 433