[Gllug] SYN Flooding - Please Help
Richard Jones
rich at annexia.org
Fri May 27 12:24:12 UTC 2005
On Fri, May 27, 2005 at 12:22:41PM +0100, wendy carr wrote:
> Thnaks very much for your help.I have the syncookies
> turned on. Still getting hammered. I have managed to
> track down few ip's and looks they are all coming from
> koria and malayasia. But still cant filter on ip's
> since i may block genuine requests. cheers.
In normal SYN floods the source IP addresses are spoofed - they don't
give you any information about the source of the attack.
If it's a real attack, one of your clients will have received some
sort of extortion email demanding money. Pass that email (complete
with headers and any other details) on to the police or NHTCU
(http://www.nhtcu.org/) so they can start to follow the money trail.
Rich.
--
Richard Jones, CTO Merjis Ltd.
Merjis - web marketing and technology - http://merjis.com
Team Notepad - intranets and extranets for business - http://team-notepad.com
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list