All,
I am having an issue regarding my server being a source of DoS attacks.
Here are 2 of the logs/complaints:
Code:
01:08:01.050648 IP (tos 0x0, ttl 231, id 59307, offset 0, flags [none],
proto TCP (6), length 40) MY.IP.58222 > THEIR.IP.38863: S,
cksum 0x8274 (correct), 2305416740:2305416740(0) win 65535
01:08:01.050663 IP (tos 0x0, ttl 231, id 40256, offset 0, flags [none],
proto TCP (6), length 40) MY.IP.4122 > THEIR.IP.289: S,
cksum 0x1da2 (correct), 306717724:306717724(0) win 65535
There seem to be lots of random outgoing ports in the logs, which makes it hard to be specific with my firewall rules.
So far I am only receiving this complaint from one host.
I am using pf as my firewall and my FreeBSD version is 5.4.
My server runs as an HTTP server with MySQL; apart from that, the only other services I use are FTP and SSH.
Can anyone give me any assistance or advice? Is it going to be a case of ensuring I have the latest versions of the OS, Apache, MySQL, etc., and my firewall configuration?
Also I am a bit of a newbie with pf, so any configuration advice would be much appreciated.
Thanks in advance.
D
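
An added example, not part of the original post: a small Python triage script for verbose tcpdump-style records like the two quoted in the complaint. It rejoins the wrapped lines and counts SYN-only packets, distinct ports, option-less 40-byte packets, and packets whose TTL is higher than the host's own initial TTL (assumed here to be 64; check `sysctl net.inet.ip.ttl`), a value the host's normal TCP stack would not emit. The function names and the threshold are assumptions of this example.

```python
import re
from collections import Counter

# The two records quoted in the post (addresses were already redacted there).
SAMPLE = """\
01:08:01.050648 IP (tos 0x0, ttl 231, id 59307, offset 0, flags [none],
proto TCP (6), length 40) MY.IP.58222 > THEIR.IP.38863: S,
cksum 0x8274 (correct), 2305416740:2305416740(0) win 65535
01:08:01.050663 IP (tos 0x0, ttl 231, id 40256, offset 0, flags [none],
proto TCP (6), length 40) MY.IP.4122 > THEIR.IP.289: S,
cksum 0x1da2 (correct), 306717724:306717724(0) win 65535
"""

TS = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+ ")   # a record starts at a timestamp
REC = re.compile(
    r"ttl (?P<ttl>\d+),.*?proto TCP \(6\), length (?P<len>\d+)\) "
    r"(?P<src>\S+)\.(?P<sport>\d+) > (?P<dst>\S+)\.(?P<dport>\d+): "
    r"(?P<flags>[SFPRWE.]+),.*?win (?P<win>\d+)")

def records(text):
    """Rejoin wrapped lines into one string per packet."""
    buf = []
    for line in text.splitlines():
        if TS.match(line) and buf:
            yield " ".join(buf)
            buf = []
        if line.strip():
            buf.append(line.strip())
    if buf:
        yield " ".join(buf)

def parse(text):
    """Return one dict per TCP record; numeric fields become ints."""
    hits = (REC.search(r) for r in records(text))
    return [{k: int(v) if v.isdigit() else v
             for k, v in m.groupdict().items()} for m in hits if m]

def summarize(pkts, stack_ttl=64):
    """stack_ttl is the host's initial TTL (assumed value, verify locally)."""
    syn = [p for p in pkts if p["flags"] == "S"]      # SYN with no ACK
    return {
        "syn_only": len(syn),
        "dst_hosts": Counter(p["dst"] for p in syn),
        "distinct_dports": len({p["dport"] for p in syn}),
        "distinct_sports": len({p["sport"] for p in syn}),
        "no_tcp_options": sum(p["len"] == 40 for p in syn),  # 20 IP + 20 TCP
        "ttl_above_stack": sum(p["ttl"] > stack_ttl for p in syn),
    }
```

Running `summarize(parse(...))` over the full complaint log, and over a capture taken on the server's own interface, shows whether the reported packets match what the host's stack actually sends.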