Hi everybody,
My server has been used against my will for a SYN flood attack.
Code:
Attack detail : 20Kpps/6Mbps
dateTime srcIp:srcPort dstIp:dstPort protocol flags bytes reason
2016.08.22 02:34:46 CEST *.*.*.*:1615 *.*.*.*:28 TCP SYN 40 ATTACK:TCP_SYN
I would like to restart it but I'm afraid that it will start again. Is there a quick fix to prevent this to happen? It doesn't need to be a loing term solution, since I'm planning to transfer all my website to another server and to close it down afterward. I just want it to be functional for the following week.
My server runs Debian, Apache, PHP and MySQL.
Unfortunately, I don't know how the request have been sent. Can I forbid my server to send external request, knowing that none of my website needs to do such a thing?
Thank you in advance for reading and maybe for answering!