{"id":1937,"date":"2015-02-25T05:14:39","date_gmt":"2015-02-25T05:14:39","guid":{"rendered":"https:\/\/qbytes.cloud\/?p=1937"},"modified":"2015-02-25T05:14:39","modified_gmt":"2015-02-25T05:14:39","slug":"kernel-firewall-synflood-blocked","status":"publish","type":"post","link":"https:\/\/www.qbytes.cloud\/index.php\/2015\/02\/25\/kernel-firewall-synflood-blocked\/","title":{"rendered":"kernel: Firewall: *SYNFLOOD Blocked*"},"content":{"rendered":"

CSF Firewall is blocking these attacks in \/var\/log\/messages<\/p>\n

\n\nFeb 25 02:13:33 servidor kernel: Firewall: *SYNFLOOD Blocked* IN=eth1 OUT= MAC=00:25:90:de:d3:d5:00:19:e8:f4:7a:3f:08:00 SRC=120.43.114.117 DST=64.150.187.59 LEN=52 TOS=0x00 PREC=0x00 TTL=47 ID=21531 DF PROTO=TCP SPT=4760 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0\n\n<\/pre>\n
Check with<\/p>\n
\n# netstat -alntp | grep SYN | wc -l\n<\/pre>\n
You have set the following in your csf configuration but having such a setting, we definitely block SYN connections but legit connections as well.<\/p>\n
\n\nSYNFLOOD = "1"\nSYNFLOOD_RATE = "1\/s"\nSYNFLOOD_BURST = "3"\n\n<\/pre>\n
With the above settings, you will see a drop down in SYN connections but you won’t be able to browse your websites as well since it blocks legit clients as well.<\/p>\n
The proper solution for the heavy attacks is a Hardware Firewall OR CloudFlare.<\/p>\n
So if the attack is too heavy, go for any of the above 2 options since re-installation and blocking ports won’t solve the problem.<\/p>\n","protected":false},"excerpt":{"rendered":"
CSF Firewall is blocking these attacks in \/var\/log\/messages Feb 25 02:13:33 servidor kernel: Firewall: *SYNFLOOD Blocked* IN=eth1 OUT= MAC=00:25:90:de:d3:d5:00:19:e8:f4:7a:3f:08:00 SRC=120.43.114.117 DST=64.150.187.59 LEN=52 TOS=0x00 PREC=0x00 TTL=47 ID=21531 DF PROTO=TCP SPT=4760 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 Check with # netstat -alntp | grep SYN | wc -l You have set the following in your csf configuration but … Read more<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[102,123],"tags":[],"class_list":["post-1937","post","type-post","status-publish","format-standard","hentry","category-security","category-whm"],"_links":{"self":[{"href":"https:\/\/www.qbytes.cloud\/index.php\/wp-json\/wp\/v2\/posts\/1937","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.qbytes.cloud\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.qbytes.cloud\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.qbytes.cloud\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.qbytes.cloud\/index.php\/wp-json\/wp\/v2\/comments?post=1937"}],"version-history":[{"count":0,"href":"https:\/\/www.qbytes.cloud\/index.php\/wp-json\/wp\/v2\/posts\/1937\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.qbytes.cloud\/index.php\/wp-json\/wp\/v2\/media?parent=1937"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.qbytes.cloud\/index.php\/wp-json\/wp\/v2\/categories?post=1937"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.qbytes.cloud\/index.php\/wp-json\/wp\/v2\/tags?post=1937"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}