messages suppressed?
here is some of my redhat server's log
Oct 8 11:50:06 kernel: NET: 72203 messages suppressed. Oct 8 11:50:11 kernel: NET: 73431 messages suppressed. Oct 8 11:50:16 kernel: NET: 73538 messages suppressed. Oct 8 11:50:21 kernel: NET: 64800 messages suppressed. Oct 8 11:50:26 kernel: NET: 73611 messages suppressed. Oct 8 11:50:31 kernel: NET: 73364 messages suppressed. Oct 8 11:50:36 kernel: NET: 73672 messages suppressed. Oct 8 11:50:41 kernel: NET: 73325 messages suppressed. Oct 8 11:50:46 kernel: NET: 73241 messages suppressed. that time,my server is very slow,I think it is under SYN(for port80)attact, how can i do? |
here is some of my redhat server's log
Please post the line immediately before these ones. that time,my server is very slow,I think it is under SYN(for port80)attact, how can i do? First of all don't think but make sure. With the above you should get some leads on what it actually is. If you're sure it's a bombardment of requests, make sure SYN cookies are enabled in the kernel, your server has a max requests that's appropriate for your system and use the firewall to rate-limit requests. All of this will not stop a D0S tho, so if this is a (remote) (production) server you (rely on, you) may wish to consult your hosting company or department for additional measures like firewalling or dropping traffic at the router. If it's an attack, file a complaint and let them do the tracebacks and handle contacting upstream providers. |
All times are GMT -5. The time now is 09:13 PM. |