Results 1 to 2 of 2
-
08-29-2007, 05:52 PM #1Newbie
- Join Date
- Oct 2006
- Location
- Chile
- Posts
- 19
D.O.S problem ?? attack on named - HELP ME
Hello ...
Well the last week my server has experimenting a big load on some hours of the day and every deay ....
all looks goods , few TIME_WAIT packages , few conections per ip , few process of httpd ....
when I check with a: tail -f /var/log/messages appears a lot of this lines
Aug 29 17:28:49 server kernel: Firewall: *UDP_IN Blocked* IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:11:2f:87:27:83:08:00 SRC=190.8.82.204 DST=255.255.255.255 LEN=75 TOS=0x00 PREC=0x00 TTL=128 ID=27592 PROTO=UDP SPT=8782 DPT=9777 LEN=55
Aug 29 17:28:54 server kernel: printk: 33 messages suppressed.
Aug 29 17:28:55 server kernel: Neighbour table overflow.
Aug 29 17:28:58 server last message repeated 3 times
Aug 29 17:29:23 server named[1949]: client 209.244.7.40#5302: error sending response: not enough free resources
Aug 29 17:29:27 server last message repeated 2 times
Aug 29 17:29:24 server kernel: Neighbour table overflow.
Aug 29 17:29:29 server named[1949]: client 209.244.7.40#5302: error sending response: not enough free resources
Aug 29 17:29:31 server named[1949]: client 209.244.7.40#5302: error sending response: not enough free resources
Aug 29 17:29:34 server kernel: Neighbour table overflow.
Aug 29 17:29:35 server last message repeated 3 times
Aug 29 17:29:35 server named[1949]: client 200.225.157.203#32841: error sending response: not enough free resources
Aug 29 17:29:35 server kernel: Neighbour table overflow.
Aug 29 17:29:35 server named[1949]: client 200.225.157.203#32841: error sending response: not enough free resources
Aug 29 17:29:36 server kernel: Neighbour table overflow.
Aug 29 17:29:36 server named[1949]: client 200.225.157.203#32841: error sending response: not enough free resources
Aug 29 17:29:36 server kernel: Neighbour table overflow.
Aug 29 17:29:36 server named[1949]: client 200.225.157.203#32841: error sending response: not enough free resources
this could be an atack ?? because appears a lot of differents ip and they try to access in differnts ports...
Somebody know about this problem or how I can fix it ??
thanks a lot !!
-
08-29-2007, 06:45 PM #2Junior Guru Wannabe
- Join Date
- Jun 2006
- Location
- United Kingdom
- Posts
- 95
First of all make sure you have a firewall installed which will help limit the IP connections, and block them when a DDos attack is detected.
A solution is listed below, but you need to take more action to protect the server.
Contact your datacenter/ISP and ask them to monitor the traffic, and filter it where possible to help take load away from your server.
http://www.gnulinuxclub.org/index.ph...=333&Itemid=49Richard - Aventure United Kingdom
Managed Servers, Email Marketing, CPanel Shared/Reseller Accounts
http://www.aventurehost.com - http://www.twitter.com/aventure