Why is it, that on L2 (when there is no MAC Table entry for a new packet) there is MAC Flooding. But at the same time on L3 there is an ARP request (when there is no entry in the ARP table for a new packet) and no flooding? Answer It’s not clear to me … Read more
recently we moved to a new host (DO) for one of my client after being on a shared account . I was monitoring the cpu and it was always at 100% , knowing that the site dosnt get a lot of traffic , decided to check the access log and i saw the following (1-5 … Read more
I’m at my wits end right now. I have a wordpress site that thankfull is still just a blank template. Last week I saw it was being hammered by an IP 185.130.5.180 from Lithuania and has been flagged multiple times for spamming. I can’t seem to block the damn thing for accessing my site. Should … Read more
I have runtime Linux running in a PLC. My development machine is running Ubuntu 14.04. The PLC and the development machine are connected through a five port switch. I ssh to PLC from my development machine to transfer executable of a networking application that I develop on my development machine. I run tcpdump on PLC … Read more
My server (http://monitor.wingify.com/munin/visualwebsiteoptimizer.com/app.visualwebsiteoptimizer.com.html) recently had an outrage. One of the suspecious things I found was loads of SYN flooding messages in /var/log/messages Feb 8 15:17:34 app kernel: possible SYN flooding on port 80. Sending cookies. Feb 8 15:36:58 app — MARK — There are loads of SYN flooding errors and loads of — MARK — … Read more
I want to know how shared webhosting or other types of it deal with Spam issues. Example: stop serving the website for a period of time, and how much is it? … Answer Typically, hosting companies suspend the web site until the end of the attack. The problem is that everyone will see something like … Read more
This question already has answers here: How do I deal with a compromised server? (13 answers) Closed 8 years ago. I am warned from my VPS provider that my server sends a lot of SSH SYN Attack to other servers, but I have no idea how to deal with it. Here’s the detail my provider … Read more
I have a small LAN of some 30 users in it with proxy auto configuration enabled and working. Two of them are requesting wpad.dat file too rapidly at a pace of 30 times per second. 10.1.14.246 – – [02/Jun/2014:09:07:18 +0200] “GET /wpad.dat HTTP/1.1” 302 302 10.1.14.141 – – [02/Jun/2014:09:07:18 +0200] “GET /wpad.dat HTTP/1.1” 302 302 … Read more
Good Evening. Today I noticed a strange flood on a box that I am working with, here is a dump from tcpdump: 23:21:07.580917 IP (tos 0x0, ttl 64, id 5746, offset 0, flags [DF], proto TCP (6), length 94) f125.wedos.net.microsoft-ds > kryton.progresive.cz.57250: Flags [P.], cksum 0xbe27 (correct), seq 3455992339:3455992381, ack 1572183034, win 23577, options [nop,nop,TS … Read more
How to to protect nodes/ detect and block KVM VPS clients that TCP flood the network ? I use SolusVM VPS management system. Recently one abuser toke several VPSs and flood it the datacenter network. Luckily I manually found him but I need some automatic solution. I need something to set a PPS value 15k … Read more
