Hello Experts,

For two days I have been trying to use fail2ban because I had several 100000 login attempts on each of my servers... Now it has increased to several million.

To be clear, my WHOLE network is being attacked!

There are 87 servers in question (reachable through a public IP) which in the beginning had only attacks from one <rackspace.com> IP, which increased over some days to 4 IPs, and now, since last night, my servers no longer respond. I have found that my servers are being attacked by more than 20000 IPs with around 2-10 requests per second.

fail2ban is trying to block it, but the load average increases to over 18.

The other problem is that I use a remote syslog daemon, and this server had a load average of >37 for 2 hours, so I had to shut down the server and use the RSA to clean up the system. It was trying to write more than 60 MByte of logs (~ 800 files at once) per second.

My Internet connectivity is a redundant 10 GE using a CISCO 12008. All switches used (16 in total) are 3Com 3C17701 (4924), and I try to block some traffic at the switches. It works nicely, but requires heavy manual intervention...

How do you handle such attacks?

Note: Rackspace has not responded to any of my requests. I have tried to reach them by telephone, but they do not pick up. (It is not the first time that servers from <rackspace.com> have attacked my network.)

Thanks, Greetings and nice Day/Evening
Michelle Konzack

-- 
##################### Debian GNU/Linux Consultant ######################
Development of Intranet and Embedded Systems with Debian GNU/Linux
Internet Service Provider, Cloud Computing
<http://www.itsystems.tamay-dogan.net/>
<http://www.debian.tamay-dogan.net/>

itsystems@tdnet                  Jabber linux4michelle@jabber.ccc.de
Owner Michelle Konzack
Gewerbe Strasse 3                Tel office: +49-176-86004575
77694 Kehl                       Tel mobil:  +49-177-9351947
Germany                          Tel mobil:  +33-6-61925193 (France)

USt-ID: DE 278 049 239

Linux-User #280138 with the Linux Counter, http://counter.li.org/