Date: Wed, 21 Apr 2004 22:26:54 -0400 From: "JJB" <Barbish3@adelphia.net> To: "meimi" <meimi_1@hotmail.com> Cc: freebsd-questions@freebsd.org Subject: RE: being DOSed Message-ID: <MIEPLLIBMLEEABPDBIEGCEIGFMAA.Barbish3@adelphia.net> In-Reply-To: <BAY16-DAV52mvmsckqR0000625c@hotmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Edit httpd.conf and change the port it listens on, or add firewall rule to block inbound port 80. check http log to id attacking ip's, look for recurring cycle in ip address and add firewall rule to block. Be sure your http logs are configured to rotate and not fill all disk space then just ride it out. If you use dynamic ip address, turn off you cable or dsl modem for 3 min and when you power back up hopefully you will be issued an new ip address. This will stop attach if attack is targeted directly at you ip address and not using dsn to find you. I use zoneedit to redirect my domain name to different port than 80 and that stopped all http dos attacked based on directly targeted ip address. In most cases the attacker has port scanned all ip address in some large range looking for port 80 and when found he records ip address to launch spoofed sending ip address attack directly at your ip address. Zoneedit.com is free for up to 5 domain names. -----Original Message----- From: owner-freebsd-questions@freebsd.org [mailto:owner-freebsd-questions@freebsd.org]On Behalf Of meimi Sent: Wednesday, April 21, 2004 8:22 PM To: Tuc Cc: freebsd-questions@freebsd.org Subject: Re: being DOSed I have found some IPs are opening 10 HTTP connection. Their IPs are changing and all IPs are from different ISP network. What should I do next? Thanks Meimi ----- Original Message ----- From: "Tuc" <tuc@ttsg.com> To: "meimi" <meimi_1@hotmail.com> Sent: Thursday, April 22, 2004 7:29 AM Subject: Re: being DOSed > > > > Hello, > > The bandwidth usage for my server is tripled for 3 hours. When I run > > "top", I find many httpd process in sbwait status. So, I think someone is > > DOSing my server. > > How can I check who is DOSing me? and how can I solve it? > > Thanks > > Meimi > > Quickly : > > netstat -an | sort | grep tcp4|more > > Look for an IP with alot of connections. (We have a script that > actually will count this for us, but its not just for FreeBSD so its > long) > > Tuc/TTSG Internet Services, Inc. > _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?MIEPLLIBMLEEABPDBIEGCEIGFMAA.Barbish3>