Strange Syn attack? (solved)

silvatech

So whatever is going on is completely locking up CSF in a loop, it seems. The messages were warnings of syn attacks, but when I enable protection against port flooding it doesn't help.
However, if I run netstat -nap | grep SYN -c it only shows a count of 1 or 0. I had the server facility check and they were not seeing any form of DDoS coming through.
If I turn off CSF the server runs fine. Any clue what setting on CSF might make it goof up like this?
 
You don't have this enabled by any chance?
SYNFLOOD = "1"
because this should always be set to:
SYNFLOOD = "0"
unless you're really under attack.

You might want to check the # SECTION Port Flood Settings in csf.conf to see if they are default or if things are customized.

I wouldn't know what else could be sending warnings about syn attacks, maybe somebody else has some interesting ideas about that.
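
The checks suggested in the reply above, as an added shell example that is not part of the original thread: it reads the flood settings from a csf.conf-style file and counts only SYN_RECV sockets, since `grep SYN` also matches outbound SYN_SENT. The function names are made up for illustration, and SYNFLOOD_RATE, SYNFLOOD_BURST and CONNLIMIT are CSF settings the thread does not mention.

```shell
#!/usr/bin/env bash
# Added example, not from the thread. csf.conf lines look like: NAME = "value"

# Print the value of one setting from a csf.conf-style file (empty if unset).
# $1 = setting name, $2 = config file
csf_get() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$2" | tail -n 1
}

# Print one line per flood setting that is switched on; return 1 if any is.
csf_flood_audit() {
    conf="$1"
    rc=0
    if [ "$(csf_get SYNFLOOD "$conf")" = "1" ]; then
        echo "SYNFLOOD=1 rate=$(csf_get SYNFLOOD_RATE "$conf") burst=$(csf_get SYNFLOOD_BURST "$conf")"
        rc=1
    fi
    for key in PORTFLOOD CONNLIMIT; do
        val=$(csf_get "$key" "$conf")
        if [ -n "$val" ]; then
            echo "$key=$val"
            rc=1
        fi
    done
    return $rc
}

# Count half-open inbound connections in `netstat -nat` output read from stdin.
# The state is the sixth column; SYN_SENT (outbound) is deliberately not counted.
syn_recv_count() {
    awk '$6 == "SYN_RECV" { n++ } END { print n + 0 }'
}

# Audit a config file only when a path is given on the command line.
if [ -n "${1:-}" ]; then
    csf_flood_audit "$1"
fi
```

Run it with the path to csf.conf as the argument (normally /etc/csf/csf.conf), and pipe `netstat -nat` into `syn_recv_count` after sourcing the file.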
 
It was disabled; I tried enabling it due to seeing the syn error. I tried setting all settings to low and am still getting the error. Really odd, and the network packets coming to the server are low; I can confirm that from monitoring it. I will try disabling that, but it was disabled before this all started, which is the odd part.
 
Ok, so that's the way it goes sometimes when you get tired. I did fix the syn attack, but for some reason the firewall kept blocking my IP afterwards even when I'd tell it to unblock it. I had to add it to an ignore list. Also some ports I had open somehow changed :O . I had the auto update thing on for CSF; I wonder if that had partially something to do with it. Or the poor server was just so sick of brute force attempts it decided I had to go too :P .

I normally check myself quicker, but I was in the middle of fixing another issue at the time and a bit burned out lol.
 
"I had the auto update thing on for CSF I wonder if that had partially something to do with it."
I can at least say it doesn't. CSF updates do not change port settings, closed ports remain closed and open ports remain open.

If it was blocking your own ip, it's important to see why that is happening. I always put my home ip in the ignore list, but if the home ip is infected with malware, that could also be a reason for CSF to block the ip.

Anyway, I understand the things occurring when you get tired, been there often enough. ;)
 