
Re: syn-flood on port 80 GONE WILD!



> My newly polished-up Debian firewall is logging so many connection
> attempts to port 80 that I truly can't believe it.  All different

As another guy pointed out, it is likely Code Red or Code Red II.
I have logged almost 10,000 attempts today on one of my networks,
which runs on a DSL line. 2 other networks that run on T1s
have ~25 hits combined, so it's clear it's affecting DSL/cable
modems more than others.

I suggest using snort and demarc on your firewall if you're
not using some kind of packet sniffer already. demarc
is available at demarc.org, free for non-commercial use.
For commercial use it's about $900 for up to 8 stations.
Well worth it. It can be difficult to set up though if
you're not used to playing with source code programs.

demarc is available at demarc.org
snort is available at snort.org

nate



