
RE: advice-- a friend claims he's under attack



Dunno.  His emails to me are kinda all over the map so it's hard to say.

His latest email said the cause of it was qmail.  His client has some
community based email list around 40k a week.  He sent it out and the
server stopped sending local mail and isn't serving the site anymore.

The explanation doesn't make sense to me.  Perhaps this was caused by an
ipchain throttling rule limiting the amount of concurrent connections?
(there's going to be tons of dns lookups for 40k emails) but that
shouldn't stop other services.

I had him check all of his logs and he reports normal activity and no
break-ins.  Ideas?

justin 



-----Original Message-----
From: Joey Hess [mailto:joey@satin.kitenet.net] On Behalf Of Joey Hess
Sent: Thursday, May 02, 2002 12:01 PM
To: debian-user@lists.debian.org
Subject: Re: advice-- a friend claims he's under attack

Shawn McMahon wrote:
> begin  justin cunningham quotation:
> > Hi, sorry for the dramatic subject; a guy with a server in my colo
> > called me saying his site and mail is down and he had trouble reaching
> > the box.  He's sshed in now and says netstat -n shows lots of
> > established connections.  I told him to kill them and set ip chain rule
> > to deny all from that ip.  What other advice can I give him immediately?
> 
> Shut the box down and mail it to him.  NOW.  It's a danger to the
> security of all your customers.

Because someone has opened many connections to it in a possible DOS?
Explain.

-- 
see shy jo


-- 
To UNSUBSCRIBE, email to debian-user-request@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact
listmaster@lists.debian.org



