I'm behind SYN FLOOD with Spoofed IPs

Discussion in 'General' started by midulc, Jun 5, 2012.

  1. midulc

    midulc New Member

    I have LiteSpeed + CSF + ALL RPS checks done + CentOS 6.2 fully updated + WHM...
    What to do?
    Thanks.
  2. webizen

    webizen New Member

    Not LSWS related, but we'll help you anyway since you asked for help here.

    Enable syncookies.
  3. midulc

    midulc New Member

    I know

    Yes, I knew it was not LSWS related but you know all!
    I have already enabled SYN cookies and it's the same... I can't get why this is happening... It's a 200 Mbps DDoS; anyway, I have a 10 Gbps server, but all the same the CPU is laggy!!
    Any other suggestions?

    PS: Would you help to fully configure a server with LSWS if I pay you?
  4. NiteWave

    NiteWave Administrator

  5. midulc

    midulc New Member

    Ok, what do you configure?

    Suppose I acquire that configuration pack, what will you configure for me?
  6. webizen

    webizen New Member

    We will let you know once you order the service.
  7. midulc

    midulc New Member

    I need security...

    I need to be sure if it will work or not, as it's not just a little money.
    Thanks.
  8. webizen

    webizen New Member

    If not, we will refund the money to you.
    Last edited: Jun 6, 2012
  9. midulc

    midulc New Member

    Just a question

    "Set up script to block attacking IP automatically via iptables based on web server detection result. "

    Actually the requests NEVER get into the server; there are like 3000 different IPs, all with state SYN_RECEIVED, getting a 200 Mbps attack.
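
Post 9 above describes thousands of sources sitting in SYN_RECEIVED. As an added example (not part of the original thread), this Python code counts half-open connections per source and per local port from text in `/proc/net/tcp` layout. The sample rows are constructed, use documentation address ranges, and assume IPv4 on a little-endian host; the function names are hypothetical.

```python
import socket
import struct
from collections import Counter

SYN_RECV = 0x03  # TCP_SYN_RECV in the kernel's TCP state numbering

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001 1
   1: 0A00000A:0050 076433C6:C350 03 00000000:00000000 01:00000064 00000002     0        0 0 1
   2: 0A00000A:0050 076433C6:C351 03 00000000:00000000 01:00000064 00000001     0        0 0 1
   3: 0A00000A:0050 097100CB:9C40 03 00000000:00000000 01:00000064 00000001     0        0 0 1
   4: 0A00000A:01BB 2C0200C0:1F90 03 00000000:00000000 01:00000064 00000003     0        0 0 1
   5: 0A00000A:0050 050200C0:D431 01 00000000:00000000 00:00000000 00000000    99        0 1002 1
"""

def decode(addr):
    """Turn 'HEXIP:HEXPORT' (IPv4, little-endian host) into (ip, port)."""
    ip_hex, port_hex = addr.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)

def syn_recv_summary(text):
    """Count sockets in SYN_RECV by remote address and by local port."""
    per_source, per_port = Counter(), Counter()
    for line in text.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) < 4 or int(fields[3], 16) != SYN_RECV:
            continue                            # not a half-open connection
        _, local_port = decode(fields[1])
        remote_ip, _ = decode(fields[2])
        per_source[remote_ip] += 1
        per_port[local_port] += 1
    return {
        "half_open": sum(per_source.values()),
        "distinct_sources": len(per_source),
        "max_per_source": max(per_source.values(), default=0),
        "per_local_port": dict(per_port),
    }

if __name__ == "__main__":
    # On a live Linux host, pass open("/proc/net/tcp").read() instead of SAMPLE.
    print(syn_recv_summary(SAMPLE))
```

A large `distinct_sources` with a small `max_per_source` is the spoofed-source pattern the thread title describes, where blocking individual addresses removes very little of the load.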
  10. webizen

    webizen New Member

  11. midulc

    midulc New Member

    But nothing

    I have optimized ALL the CentOS configuration based on all I could find on the internet and the DDoS still takes my dedicated server down.
    The CPU use goes full and the connection usage to 250 Mbps. There are lots of SYN_RECEIVED packets.
    There's no way to stop this... What to do?
    Internet connection is 10 Gbps so that's not the problem, it's that CPU usage goes to the limit.
  12. NiteWave

    NiteWave Administrator

    Can you identify which process has high CPU usage, by "top -c" etc.?

    A DDoS usually lasts only a short time; is your website being DDoS'd continuously?
  13. midulc

    midulc New Member

    Continuously

    It's continuously behind a DDoS. I can't run that command, as the dedicated server has now been blocked for so much traffic :mad:
  14. webizen

    webizen New Member

  15. midulc

    midulc New Member

    Finally solution

    I even set up iptables to block ALL, ALL THE REQUESTS, ALL (iptables -I INPUT -j DROP) and was still under attack!

    Conclusion: External firewall is the only solution.
  16. webizen

    webizen New Member

  17. webizen

    webizen New Member

    This is not necessarily true. It really depends on how iptables is set up.
  18. semprot

    semprot Member

  19. webizen

    webizen New Member
