Networking :: Suitable Limit Rates For SYN, LOG & Ping Flood Prevention?
Jun 26, 2011
one thing I'm not quite certain about is suitable limit rates for SYN, LOG & ping flood prevention. I suppose it depends a bit on traffic, as well as bandwidth. However, I don't want to limit the former. FWIW, I expect about as much traffic as a country road in the middle of nowhere, and my bandwidth for requests is 15 Mbps (Don't laugh. Content delivery is a pathetic 2 Mbps. That's a residential cable connection for ya...)Of all the tutorials/examples, I chose to go with Rusty Russel's limits, though they're dated 2002. Thus an excerpt of my firewall "script":
Code:
#!/bin/sh
# Saved in /etc/init.d, runlevels 2 3 4 5
[code]...
View 4 Replies
ADVERTISEMENT
Jul 15, 2011
I am using an virtual machine. where I need to ping from one machine to another. earlier I was able to ping. But after going to google.com once, I cannot ping back to this machine.
But if I gave ping -I eth1 <IP> then I can ping.
I cannot install any package, so tell me solution which includes not installing any package.
View 2 Replies
View Related
Aug 3, 2011
I want to test syn flood attack in my pc
but i dnt know how to generate it, can you tell me
how to generate syn flood attack in pc
View 2 Replies
View Related
Oct 16, 2010
I run a Centos server that quite a few people have access to. I trust every user on the system, but i've had problems before like one user's account gets hacked and someone starts using my box to DDOS. Each user has their own ip.. And I would like to write a script or use an existing solution (if one exists) to monitor number of tcp/udp connections each minute and see if it's unusually high. I don't want it to stop the flooding or anything, I just want to be notified by email or something.
View 1 Replies
View Related
Jul 9, 2010
Ive got a problem on my server ....installed Debian 5 , Webmin and than syscp settung up syscp ready ....
I try to ping "localhost" ansver ping: unknown host
I try to ping "localhost." there is a host with IP 127.0.0.1
I need it to change it in "localhost"
Is that the bind9 maybe?
View 1 Replies
View Related
Jul 24, 2010
I have two machines on this network, one running Ubuntu and the other running Fedora.
When I'm using the Wireless network on the Ubuntu machine, I cannot ping the Fedora machine. Everything else works. I can browse the net fine.
If I switch over to the Wired Network then I can ping the other machine.
I don't understand why ping doesn't work only over the Wireless. I can ping the router so I'm guessing it's getting blocked by the router but I didn't block ICMP traffic.
I tried asking on IRC and they ran out of ideas too to find out where the problem is.
View 7 Replies
View Related
Feb 1, 2011
I just installed my first EVER bind DNS server. I am running bind9 on Ubuntu 10.04. Everything seems to be working great except one thing: If I ping a host that I have set up in bind by its HOSTNAME the pings take 5-6 seconds to reply/print to the screen between each echo response. If I ping by the host's IP address, they echo back very quickly.
I have read that IPv6 can cause this, but I have disabled it in /etc/sysctl.conf and the problem still exists.
I know everyone says this can't be a DNS issue, but this never was an issue with dnsmasq (which i was using prior), and it doesn't make sense that the ping are ONLY slow when pinging by hostname and not IP.
Configs below:
Ping by hostname - there is a 5-6 second delay between each one of the responses:
Code:
Ping by IP - the responses come VERY quickly one after the other:
Code:
/etc/resolv.conf:
Code:
Code:
rev.0.168.192.in-addr.arpa:
Code:
View 10 Replies
View Related
Apr 29, 2010
So, I have an Virtual Machine running CentOS 5.4. It sits behind a hardware firewall which also does NAT'ing. I've set up plenty of these, so I know for sure the firewall and NAT rules are set up correctly. From the host, I can ping anything in my subnet and the gateway. But I can't ping anything else beyond the gateway. I can perform DNS queries and when I try to ping, it finds the appropriate IP address.But from the outside, I can ping the PUBLIC address (It's a 1 public to 1 private address NAT, not 1 public to multiple private). I've tried it with IPTABLES on and off, with no change.
View 11 Replies
View Related
May 26, 2010
I have Mandriva One 2009.0 (192.168.1.100) on one box and Mandriva Free 2010.0 (192.168.1.118) on the other. I can ping router (192.168.1.1) from both of these boxes but I can't ping one box to the other and the other way around. What's going on?.
Do I have to change some settings in router?. Or is it firewall issue on those two machines?. Both of these boxes are connected by cable. Symbol of the router: TL-WR340G.
View 2 Replies
View Related
Apr 17, 2011
There's a physical problem with my Microsoft mouse (and from what I've heard many other Microsoft and Logitech mice) where it accidentally double clicks during what is intended to be one click from me. I was thinking that surely some software that ignores the next click input from the mouse if it is within say 50ms (At a guess) as the last click would solve this problem and increase the longevity of these mice. Is there an option for this somewhere? Perhaps it would be easy to program a simple script or something for this?
View 3 Replies
View Related
May 13, 2009
I have full hdd encryption with a rather long key. The thing is the FBI might just show up at my house one day and have a warrant for my PC, and who wants the government looken through there life? I have a few plans on geting my PC shut down before they can get there hands on it. This is all well and good, but if they can sniff my key from the ram It doesn't matter what my key is or weather they find the computer on or off. Anyhow, i was wondering if there was some way I could add a script to the shut-down process that would over-write the ram.
View 11 Replies
View Related
Mar 7, 2010
I have been trying to learn iSCSI from google but there is one main point that remains unclear. Is iSCSI suitable to move data between IP of [URL] and IP of [URL] rather than between 192.168.xxx.xxx and 192.168.xxx.xxy?
View 1 Replies
View Related
May 27, 2010
I'm running NetWare SLES 10 sp3 with OES2 sp2. I was working with the folks at Novell to resolve an iPrint Print Manager problem.
During the process they wanted to perform a packet capture using tcpdump. While logged in as the root user the error no suitable device was found, and I received no data at all. This server is running on a VMWare Center. On other SLES 10 sp3 systems (residing on that same VMWre Center), tcpdump captures packets just fine. I inherited all of these servers, so I wasn't here during the initial build, but I'd make the guess that they were configured similarly. On a Server that I built recently, tcpdump works fine. On two of my Servers it does not, and gives the mentioned error.
It's not that big a deal, otherwise the Servers are communicating and working just fine. But, I'd like to get it working just because it's supposed to work. Students are off for the summer, so I have time to play.
View 5 Replies
View Related
May 21, 2009
I have connected xp and fedora through crossover cable . xp has ip address 192.168.0.1/24 (manually assigned) fedora has 192.168.0.2/24 with default route equal to 192.168.0.1
I can ping fedora from xp computer but i can't able to ping xp from fedora computer.
I have manully edit the /etc/sysconfig/network-scripts/ifcfg-eth0 file with correct subnet mask and ip address because when i tried to give ip address manully in network manager the subnetmask is replaced with gateway address don't know why.
Now i want to share internet through crossover cable . xp is connected to internet through wireless usb adapeter.
View 8 Replies
View Related
Mar 29, 2011
I am having a situation with an NTPD server.
Code:
remote refid st t when poll reach delay offset jitter
plesk2.datacent .INIT. 16 u - 64 0 0.000 0.000 0.000
91.198.87.118.b .INIT. 16 u - 64 0 0.000 0.000 0.000
core.fr.zeroloo .INIT. 16 u - 64 0 0.000 0.000 0.000
178-26-105-100- .INIT. 16 u - 64 0 0.000 0.000 0.000
and it remains so no matter how long I wait...
Hoping to get better results with ntpdate, I stopped NTPS and tried :
Code:
# ntpdate ntp.skynet.be
29 Mar 09:12:26 ntpdate[4715]: no server suitable for synchronization found
# ntpdate -ud ntp.skynet.be
29 Mar 09:14:02 ntpdate[4814]: ntpdate 4.2.4p4@1.1520-o Sun Nov 22 16:14:35 UTC 2009 (1)
transmit(195.13.23.5)
receive(195.13.23.5) .....
I am running Debian Lenny 64b, and every packages are totally updated. I have 25 identical servers. And there is just one giving me this problem. From what I see, it is not a connection/FW issue since ntpdate get replies from the ntp server (ntp.skynet.be is my isp's stratum 2 ntp server).
View 14 Replies
View Related
Feb 7, 2009
I just started using linux (newb) on a dual boot with windows VISTA. I need to disable data prevention execution whenever I do boot Vista through GRUB but I don't know what command to use nor exactly where to put the command.On a single boot windows machine, all you would do is type the following at the command prompt and reboot: bcdedit.exe /set {current} nx AlwaysOffAlso, GRUB lists my VISTA boot option simply as "other." Is there a way to change that?
View 3 Replies
View Related
Apr 23, 2010
I try to ping with php : exec("ping -n 1 $ip",$output[],$retval); it works fine in window. but in linux i got this error : ping: icmp open socket: Operation not permitted are there any ways to solve this ?
View 5 Replies
View Related
Nov 2, 2010
I can't update my ubuntu clock with my server. If i run the command ntpdate domain.local, it gives me this erro (no server suitable for synchronization found) if i run the command nslookup domain.local it works well and found my server
View 3 Replies
View Related
Jan 22, 2011
how to do iptables log to file UDP Flood under 64 packages?
View 14 Replies
View Related
May 15, 2010
specs: toshiba lappy
110gb hdd, 1gb ram, core 2 duo 1.6ghz, nvidia 7600
windows xp pro service pack 3
jaunty jackalope
my problem is: i wanted to repartition (shrink xp and create partition for data storage) my hdd using gparted live cd 0.5.2-9. everything went fine until i clicked exit and reboot. after the cd tray automatically ejected i got a flood of "VFS: busy inodes on changed media or resized disk srO". this doesnt stop until i press enter. after that it reboots normally and there is no problem with the os.
my questions: 1) is that flood anything bad, is there a way to avoid this. i read somewhere that the problem is solved when using the terminal sudo eject - then push back the cd tray - then sudo eject -t. i tried that but it said failed because gparted cd is in use.
2) the first time that happened i didnt know what to do, so it flooded like for 15min or more until i pressed enter. my question is if the flood is being saved anywhere on the pc so that i have to delete it?
and a question regarding extended partition: 3) i have 50gb left that i want to use for data storage. i read that you can only have one extended partition. so since there is already one extended partition from ubuntu, i cant have another one for windows? so i can only make the data partition as primary or is there another reason why the "create extended partition" is greyed out?
last question: 4) when i set up the partition for swap i made it 1032gb big but in gparted it shows 980.53mb. is that still enough or why is it like that because somehow the sizes of the partitions seem a bit different than how they originally should be. im actually used in seeing the size shrinking a bit but i found it weird that the ubuntu partition shows 4.76 when it should be 4.5gb. i know its not much different but im just curious to know why..
partitions order: windows - unallocated (-->data partition) - ubuntu (primary) - home folder (extended) - swap
in windows the partitions are shown as: windows xp (31,74gb) - unallocated (50,05gb) - 4,76gb unkown - 24,27gb unkown - 981mb uknown
in gparted: its almost the same, only difference: there is unallocated space (7 or 8mb) between home folder and swap
View 6 Replies
View Related
Feb 21, 2011
Banning the IP is the best way to protect your server but of course, attacker can use another IP and use a lot of your bandwidth until you find and ban the IP. So the only thing we can do to prevent this is, block the packets my iptables length module.
I check the bandwidth usage through "iftop". Incoming traffic is always like 120kb/second and that has to be that way because the traffic enters my server no doubt that it gets dropped by iptables later.
The actual thing what the Ddos ( UDP Flood ) does it that it causes an outbound traffic that eats up like 5mb/second easily and my servers lag. Only if the IP is banned, the outbound traffic comes to an end.
Now I want to use the length module to block it but it just won't work. I've tried the following and shuffled them too but no help.
Code:
iptables -I INPUT -p udp -m length --length 15 -j DROP
iptables -A INPUT -p udp -m length --length 15 -j DROP
Packet length is 15 according to tcpdump:
Code:
19:49:34.504864 IP fms-02.colt.net.belgamanagement.be.56413 > nyc.v1servers.com.20100: UDP, length 15
View 10 Replies
View Related
Dec 28, 2010
my secure log is flooding with these messages..
sudo: pam_limits(sudo:session): wrong limit value 'unlimited' for limit type 'hard'
Dec 28 22:42:29 yn54 sudo: pam_limits(sudo:session): wrong limit value 'unlimited' for limit type 'soft'
Dec 28 22:42:29 yn54 sudo: pam_limits(sudo:session): wrong limit value 'unlimited' for limit type 'hard'
View 3 Replies
View Related
Nov 10, 2010
my computer froze solid, and it would not react to anything. X didn't react to Ctrl+Alt+Backspace, not Ctrl+Alt+Del, so I had to turn it off using the power button.
This is the first time my computer freezes like this, the log files did not reveal any HW errors. Is it possible that someone in the channel did not like my level of Java skill, and flooded me to disconnect?
By the way; Im using slackware 13.1 with the default kernel (2.6.33.4) and irssi as IRC client.
I know that if you eg. ICMP-flood someone, the traffic will be denied and, but can it provoke other behavior from the computer?
So my question is; can a IRC flood/DDoS attack cause a computer to freeze sub zero?
View 4 Replies
View Related
Aug 29, 2011
Does anybody how to get good compression rates on pdf?
The default gzip somefilename.pdf gives hardly 10% in the pdf. Any ideas anybody ?
View 1 Replies
View Related
Jul 9, 2011
I've just installed Slackware 13.37 but there seems to be an issue.
i can't change my refresh rates(i want to change ir from 75 to 85 KHZwhich are the only options) as each time i change 85 in KDE from system settings works until i restart X then it goes to the previous setting which is 75.my xorg.conf looks like this code...
View 4 Replies
View Related
Jan 19, 2010
Host - Fedora 12 64bit
KVM
VM - Windows Server 2008 64 bit
bridge-utils
VM can ping host and Internet but host can't ping VM.
I set VM static IP 192.168.0.205.
It turns out dynamic IP - 192.168.0.55
On host:
View 2 Replies
View Related
Oct 11, 2010
Trying to install 10.10 netbook edition on my MSI U230 netbook from a USB drive. Keep getting the error "hyper transport sync flood error occurred on last boot" Press F1 to Resume. F1 causes just a reboot and the same thing happens. Anyone seen this error? It happens with both the netbook and desktop version.
View 9 Replies
View Related
May 12, 2010
I have a VPS server with 512 MB memory. The php.ini is set so script memory limit = 16 MB. However, I have noticed in my top report, instances like the following:
Quote:
5484 coldclim 25 0 46476 32m 5920 R 0.0 6.4 0:00.93 php
The bold number of 6.4 is the % of sever memory this process is using. 6.4 % of 512 MB of memory is about 32 MB of memory, so it appears that this isn't being limited by php.ini. Am I correct? This leads to the next question: Is there some way to limit the amount of memory a single suphp process can use? (Basically, something like the setting in php.ini which limits suphp processes in the same way.)
View 2 Replies
View Related
Jul 18, 2010
I am running ubuntu 10.4 lts desktop and ubuntu 9.10 server with the gui active. On both of these machines the data transfer rates over usb and lan have slowed down quite considerably. Also over multiple devices, not the same hardware everytime I try to transfer something.
View 2 Replies
View Related
Feb 5, 2010
I just got Ubuntu 9.10 CD from the Canonical Ltd. I started to Install Ubuntu 9.10.
It asked me to Select a language then it started loading
After a minute or two the screen showed some errors and my monitor showed an error non-supported refresh rates 35.xx KHz / 75.x Hz
I dont remember the exact numbers but this is the error. This error is generated by monitor's hardware not ubuntu.
View 3 Replies
View Related
