Am I experiencing a DOS attack? The server becomes unresponsive and I know I don't have this many users connected. How do I prevent this type of attack?

Code:
root@hostname:~# ss
State Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB 475 0 ::ffff:192.168.1.110:www ::ffff:79.139.63.103:2068
ESTAB 463 0 ::ffff:192.168.1.110:www ::ffff:83.94.155.31:2065
CLOSE-WAIT 372 0 ::ffff:192.168.1.110:www ::ffff:89.240.206.158:57448
CLOSE-WAIT 381 0 ::ffff:192.168.1.110:www ::ffff:193.113.48.7:51342
ESTAB 0 75504 ::ffff:192.168.1.110:www ::ffff:142.161.248.176:51260
ESTAB 0 86140 ::ffff:192.168.1.110:www ::ffff:128.2.185.188:1748
CLOSE-WAIT 0 11584 ::ffff:192.168.1.110:www ::ffff:74.64.124.62:62928
CLOSE-WAIT 470 0 ::ffff:192.168.1.110:www ::ffff:68.2.73.173:62010
CLOSE-WAIT 1 0 ::ffff:192.168.1.110:www ::ffff:220.255.7.198:20197
FIN-WAIT-1 0 80241 ::ffff:192.168.1.110:www ::ffff:65.12.142.245:afmbackup
CLOSE-WAIT 528 0 ::ffff:192.168.1.110:www ::ffff:68.148.202.248:1660
ESTAB 0 68056 ::ffff:192.168.1.110:www ::ffff:194.83.36.52:49059
ESTAB 545 0 ::ffff:192.168.1.110:www ::ffff:84.63.93.153:64783
CLOSE-WAIT 507 0 ::ffff:192.168.1.110:www ::ffff:116.64.150.132:4514
ESTAB 469 0 ::ffff:192.168.1.110:www ::ffff:203.153.6.4:1895
CLOSE-WAIT 305 0 ::ffff:192.168.1.110:www ::ffff:24.28.89.76:3570
CLOSE-WAIT 464 0 ::ffff:192.168.1.110:www ::ffff:72.252.127.22:3091
CLOSE-WAIT 372 0 ::ffff:192.168.1.110:www ::ffff:74.64.124.62:63111
FIN-WAIT-1 0 39441 ::ffff:192.168.1.110:www ::ffff:65.12.142.245:2807
ESTAB 0 46720 ::ffff:192.168.1.110:www ::ffff:60.54.196.173:28626
ESTAB 701 0 ::ffff:192.168.1.110:www ::ffff:89.103.41.64:4741
ESTAB 482 0 ::ffff:192.168.1.110:www ::ffff:149.254.200.236:37457
ESTAB 0 17520 ::ffff:192.168.1.110:www ::ffff:60.54.196.173:28631
ESTAB 0 18980 ::ffff:192.168.1.110:www ::ffff:60.54.196.173:28616
SYN-SENT 0 1 192.168.1.110:40678 216.39.53.3:smtp
ESTAB 0 20440 ::ffff:192.168.1.110:www ::ffff:60.54.196.173:28618
CLOSE-WAIT 372 0 ::ffff:192.168.1.110:www ::ffff:89.240.206.158:57652
ESTAB 0 21900 ::ffff:192.168.1.110:www ::ffff:60.54.196.173:28620
ESTAB 469 0 ::ffff:192.168.1.110:www ::ffff:76.127.242.143:11409
ESTAB 459 0 ::ffff:192.168.1.110:www ::ffff:208.82.3.15:14284
ESTAB 0 13140 ::ffff:192.168.1.110:www ::ffff:60.54.196.173:28622
CLOSE-WAIT 470 0 ::ffff:192.168.1.110:www ::ffff:68.0.221.11:51526
CLOSE-WAIT 507 0 ::ffff:192.168.1.110:www ::ffff:116.64.150.132:4812
ESTAB 0 79860 ::ffff:192.168.1.110:www ::ffff:219.78.5.124:3498
CLOSE-WAIT 528 0 ::ffff:192.168.1.110:www ::ffff:68.148.202.248:1595
ESTAB 0 21900 ::ffff:192.168.1.110:www ::ffff:60.54.196.173:28613
ESTAB 0 11680 ::ffff:192.168.1.110:www ::ffff:60.54.196.173:28614
ESTAB 507 0 ::ffff:192.168.1.110:www ::ffff:90.217.180.71:4237
ESTAB 277 0 ::ffff:192.168.1.110:www ::ffff:213.156.52.124:19314
ESTAB 0 84680 ::ffff:192.168.1.110:www ::ffff:79.77.109.169:1318
CLOSE-WAIT 461 0 ::ffff:192.168.1.110:www ::ffff:61.68.157.24:51318
CLOSE-WAIT 470 0 ::ffff:192.168.1.110:www ::ffff:76.172.123.0:1376
ESTAB 701 0 ::ffff:192.168.1.110:www ::ffff:89.103.41.64:4793
ESTAB 701 0 ::ffff:192.168.1.110:www ::ffff:89.103.41.64:4795
CLOSE-WAIT 268 0 ::ffff:192.168.1.110:www ::ffff:59.93.32.166:62319
ESTAB 701 0 ::ffff:192.168.1.110:www ::ffff:89.103.41.64:4797
CLOSE-WAIT 483 0 ::ffff:192.168.1.110:www ::ffff:149.254.200.236:43881
ESTAB 698 0 ::ffff:192.168.1.110:www ::ffff:89.103.41.64:4799
CLOSE-WAIT 0 11264 ::ffff:192.168.1.110:www ::ffff:74.240.108.93:62590
ESTAB 477 0 ::ffff:192.168.1.110:www ::ffff:89.54.154.7:1557
ESTAB 701 0 ::ffff:192.168.1.110:www ::ffff:89.103.41.64:4787
ESTAB 459 0 ::ffff:192.168.1.110:www ::ffff:208.82.3.15:18658
ESTAB 545 0 ::ffff:192.168.1.110:www ::ffff:213.156.52.124:18792
ESTAB 701 0 ::ffff:192.168.1.110:www ::ffff:89.103.41.64:4789
CLOSE-WAIT 371 0 ::ffff:192.168.1.110:www ::ffff:12.34.128.226:18426
ESTAB 701 0 ::ffff:192.168.1.110:www ::ffff:89.103.41.64:4791
CLOSE-WAIT 470 0 ::ffff:192.168.1.110:www ::ffff:90.217.180.71:3219
ESTAB 0 352 ::ffff:192.168.1.110:ssh ::ffff:12.34.128.226:17912
ESTAB 0 35040 ::ffff:192.168.1.110:www ::ffff:67.225.3.200:4732
CLOSE-WAIT 470 0 ::ffff:192.168.1.110:www ::ffff:69.137.139.125:2347
CLOSE-WAIT 470 0 ::ffff:192.168.1.110:www ::ffff:82.29.20.19:1857
CLOSE-WAIT 268 0 ::ffff:192.168.1.110:www ::ffff:59.93.32.166:62339
CLOSE-WAIT 345 0 ::ffff:192.168.1.110:www ::ffff:221.253.237.13:49787
CLOSE-WAIT 0 11680 ::ffff:192.168.1.110:www ::ffff:68.148.202.248:1472
CLOSE-WAIT 470 0 ::ffff:192.168.1.110:www ::ffff:79.68.169.80:50139
ESTAB 751 0 ::ffff:192.168.1.110:www ::ffff:89.103.41.64:4729
ESTAB 701 0 ::ffff:192.168.1.110:www ::ffff:89.103.41.64:4734
CLOSE-WAIT 470 0 ::ffff:192.168.1.110:www ::ffff:76.172.123.0:1191
ESTAB 701 0 ::ffff:192.168.1.110:www ::ffff:89.103.41.64:4725
CLOSE-WAIT 371 0 ::ffff:192.168.1.110:www ::ffff:12.34.128.226:20025
CLOSE-WAIT 470 0 ::ffff:192.168.1.110:www ::ffff:98.165.45.40:61144
CLOSE-WAIT 508 0 ::ffff:192.168.1.110:www ::ffff:24.57.132.242:63049
CLOSE-WAIT 508 0 ::ffff:192.168.1.110:www ::ffff:92.234.69.193:2157
ESTAB 507 0 ::ffff:192.168.1.110:www ::ffff:89.201.134.154:1749
CLOSE-WAIT 546 0 ::ffff:192.168.1.110:www ::ffff:213.156.52.124:16347
CLOSE-WAIT 316 0 ::ffff:192.168.1.110:www ::ffff:74.64.124.62:62988
ESTAB 469 0 ::ffff:192.168.1.110:www ::ffff:96.224.59.37:50657
ESTAB 0 84216 ::ffff:192.168.1.110:www ::ffff:142.177.181.95:61048
CLOSE-WAIT 0 11680 ::ffff:192.168.1.110:www ::ffff:68.2.73.173:61892
ESTAB 487 0 ::ffff:192.168.1.110:www ::ffff:91.12.239.201:1798
ESTAB 501 0 ::ffff:192.168.1.110:www ::ffff:24.118.227.122:3035
ESTAB 469 0 ::ffff:192.168.1.110:www ::ffff:85.139.184.56:47668
ESTAB 469 0 ::ffff:192.168.1.110:www ::ffff:76.127.242.143:10040
CLOSE-WAIT 546 0 ::ffff:192.168.1.110:www ::ffff:213.156.52.124:14830
ESTAB 0 67160 ::ffff:192.168.1.110:www ::ffff:202.30.18.218:3820
CLOSE-WAIT 281 0 ::ffff:192.168.1.110:www ::ffff:68.2.73.173:61919
root@hostname:~#
Done. I followed the instructions in this guide: http://advosys.ca/viewpoints/2006/08/installing-mod_evasive-in-ubuntu/

btw
Code: en2mod
did not work for me and I could not find the package by running
Code: apt-get install en2mod
but
Code: a2enmod
did the trick and I was able to activate the mod. Time to sit back and see what happens with the server now.
Installed the mod and I am still getting these crazy logs even in the middle of the night. I know I would normally only have 1 to 5 people on at any given time. What should I do now?

Code:
State Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB 0 23460 ::ffff:192.168.1.110:www ::ffff:210.212.58.170:11136
LAST-ACK 0 11041 ::ffff:192.168.1.110:www ::ffff:210.212.58.170:5765
CLOSE-WAIT 317 0 ::ffff:192.168.1.110:www ::ffff:210.212.58.170:50059
ESTAB 435 0 ::ffff:192.168.1.110:www ::ffff:74.61.44.58:59617
LAST-ACK 0 11041 ::ffff:192.168.1.110:www ::ffff:210.212.58.170:50318
CLOSE-WAIT 268 0 ::ffff:192.168.1.110:www ::ffff:78.3.26.66:20113
ESTAB 435 0 ::ffff:192.168.1.110:www ::ffff:74.61.44.58:59619
CLOSE-WAIT 317 0 ::ffff:192.168.1.110:www ::ffff:210.212.58.170:57751
CLOSE-WAIT 0 11680 ::ffff:192.168.1.110:www ::ffff:98.100.167.210:61379
ESTAB 0 69504 ::ffff:192.168.1.110:www ::ffff:15.203.169.106:61914
CLOSE-WAIT 317 0 ::ffff:192.168.1.110:www ::ffff:210.212.58.170:41878
ESTAB 0 52 ::ffff:192.168.1.110:ssh ::ffff:192.168.1.1:1142
LAST-ACK 0 11041 ::ffff:192.168.1.110:www ::ffff:210.212.58.170:48537
ESTAB 0 94900 ::ffff:192.168.1.110:www ::ffff:70.101.18.121:61654
ESTAB 822 0 ::ffff:192.168.1.110:www ::ffff:74.61.44.58:59597
CLOSE-WAIT 317 0 ::ffff:192.168.1.110:www ::ffff:210.212.58.170:60834
CLOSE-WAIT 821 0 ::ffff:192.168.1.110:www ::ffff:74.61.44.58:59592
CLOSE-WAIT 823 0 ::ffff:192.168.1.110:www ::ffff:74.61.44.58:59594
CLOSE-WAIT 317 0 ::ffff:192.168.1.110:www ::ffff:210.212.58.170:26020
LAST-ACK 0 11041 ::ffff:192.168.1.110:www ::ffff:210.212.58.170:1452
ESTAB 0 86880 ::ffff:192.168.1.110:www ::ffff:78.159.102.134:35464
ESTAB 822 0 ::ffff:192.168.1.110:www ::ffff:74.61.44.58:59613
SYN-SENT 0 1 192.168.1.110:36763 10.11.12.13:ipp
CLOSE-WAIT 317 0 ::ffff:192.168.1.110:www ::ffff:210.212.58.170:61110
CLOSE-WAIT 317 0 ::ffff:192.168.1.110:www ::ffff:210.212.58.170:1978
ESTAB 0 24840 ::ffff:192.168.1.110:www ::ffff:210.212.58.170:54207
LAST-ACK 0 11041 ::ffff:192.168.1.110:www ::ffff:210.212.58.170:8380
CLOSE-WAIT 317 0 ::ffff:192.168.1.110:www ::ffff:210.212.58.170:53442
ESTAB 0 92160 ::ffff:192.168.1.110:www ::ffff:75.41.112.238:53810
CLOSE-WAIT 317 0 ::ffff:192.168.1.110:www ::ffff:210.212.58.170:31169
LAST-ACK 0 11041 ::ffff:192.168.1.110:www ::ffff:210.212.58.170:35530
LAST-ACK 0 11041 ::ffff:192.168.1.110:www ::ffff:210.212.58.170:13000
CLOSE-WAIT 317 0 ::ffff:192.168.1.110:www ::ffff:210.212.58.170:2255
LAST-ACK 0 11041 ::ffff:192.168.1.110:www ::ffff:210.212.58.170:7122
ESTAB 0 94656 ::ffff:192.168.1.110:www ::ffff:98.18.130.160:61094
CLOSE-WAIT 317 0 ::ffff:192.168.1.110:www ::ffff:210.212.58.170:20182
CLOSE-WAIT 317 0 ::ffff:192.168.1.110:www ::ffff:210.212.58.170:61398
ESTAB 470 0 ::ffff:192.168.1.110:www ::ffff:140.32.16.101:11464
CLOSE-WAIT 317 0 ::ffff:192.168.1.110:www ::ffff:210.212.58.170:50393
LAST-ACK 0 11041 ::ffff:192.168.1.110:www ::ffff:210.212.58.170:39137
ESTAB 299 0 ::ffff:192.168.1.110:www ::ffff:66.249.71.46:59698
ESTAB 0 80300 ::ffff:192.168.1.110:www ::ffff:79.77.109.169:1321
CLOSE-WAIT 317 0 ::ffff:192.168.1.110:www ::ffff:210.212.58.170:56043
ESTAB 0 75920 ::ffff:192.168.1.110:www ::ffff:72.186.212.182:50292
ESTAB 0 74460 ::ffff:192.168.1.110:www ::ffff:24.185.104.128:2298
ESTAB 0 86140 ::ffff:192.168.1.110:www ::ffff:24.222.98.129:57749
LAST-ACK 0 11681 ::ffff:192.168.1.110:www ::ffff:24.237.96.120:1629
LAST-ACK 0 11681 ::ffff:192.168.1.110:www ::ffff:98.100.167.210:61350
CLOSE-WAIT 317 0 ::ffff:192.168.1.110:www ::ffff:210.212.58.170:59377
ESTAB 666 0 ::ffff:192.168.1.110:www ::ffff:75.9.168.191:64088
ESTAB 267 0 ::ffff:192.168.1.110:www ::ffff:78.3.26.66:20249
ESTAB 440 0 ::ffff:192.168.1.110:www ::ffff:202.7.197.250:42617
LAST-ACK 0 11041 ::ffff:192.168.1.110:www ::ffff:210.212.58.170:18693
CLOSE-WAIT 317 0 ::ffff:192.168.1.110:www ::ffff:210.212.58.170:6405
CLOSE-WAIT 317 0 ::ffff:192.168.1.110:www ::ffff:210.212.58.170:5640
CLOSE-WAIT 690 0 ::ffff:192.168.1.110:www ::ffff:75.9.168.191:64085
CLOSE-WAIT 667 0 ::ffff:192.168.1.110:www ::ffff:75.9.168.191:64084
CLOSE-WAIT 317 0 ::ffff:192.168.1.110:www ::ffff:210.212.58.170:35859
CLOSE-WAIT 268 0 ::ffff:192.168.1.110:www ::ffff:78.3.26.66:23823
LAST-ACK 0 11041 ::ffff:192.168.1.110:www ::ffff:210.212.58.170:35611
CLOSE-WAIT 317 0 ::ffff:192.168.1.110:www ::ffff:210.212.58.170:14873
CLOSE-WAIT 317 0 ::ffff:192.168.1.110:www ::ffff:210.212.58.170:64290
ESTAB 316 0 ::ffff:192.168.1.110:www ::ffff:210.212.58.170:45089
ESTAB 0 80640 ::ffff:192.168.1.110:www ::ffff:76.66.164.158:1049
ESTAB 0 81312 ::ffff:192.168.1.110:www ::ffff:76.226.103.63:1754
ESTAB 0 69000 ::ffff:192.168.1.110:www ::ffff:152.39.64.148:52380
CLOSE-WAIT 317 0 ::ffff:192.168.1.110:www ::ffff:210.212.58.170:2091
ESTAB 0 55024 ::ffff:192.168.1.110:www ::ffff:63.246.251.128:59618
CLOSE-WAIT 317 0 ::ffff:192.168.1.110:www ::ffff:210.212.58.170:20009
ESTAB 392 0 ::ffff:192.168.1.110:www ::ffff:134.173.215.67:64851
LAST-ACK 0 11041 ::ffff:192.168.1.110:www ::ffff:210.212.58.170:20781
CLOSE-WAIT 317 0 ::ffff:192.168.1.110:www ::ffff:210.212.58.170:13100
LAST-ACK 0 11041 ::ffff:192.168.1.110:www ::ffff:210.212.58.170:15666
ESTAB 0 73000 ::ffff:192.168.1.110:www ::ffff:84.244.206.83:4123
CLOSE-WAIT 268 0 ::ffff:192.168.1.110:www ::ffff:78.3.26.66:23851
CLOSE-WAIT 317 0 ::ffff:192.168.1.110:www ::ffff:210.212.58.170:21563
CLOSE-WAIT 0 11040 ::ffff:192.168.1.110:www ::ffff:210.212.58.170:58172
CLOSE-WAIT 317 0 ::ffff:192.168.1.110:www ::ffff:210.212.58.170:50243
CLOSE-WAIT 0 11040 ::ffff:192.168.1.110:www ::ffff:210.212.58.170:48960
ESTAB 316 0 ::ffff:192.168.1.110:www ::ffff:210.212.58.170:16192
CLOSE-WAIT 317 0 ::ffff:192.168.1.110:www ::ffff:210.212.58.170:12103
CLOSE-WAIT 317 0 ::ffff:192.168.1.110:www ::ffff:210.212.58.170:58440
LAST-ACK 0 11041 ::ffff:192.168.1.110:www ::ffff:210.212.58.170:10829
ESTAB 392 0 ::ffff:192.168.1.110:www ::ffff:134.173.215.67:64815
CLOSE-WAIT 317 0 ::ffff:192.168.1.110:www ::ffff:210.212.58.170:1361
CLOSE-WAIT 268 0 ::ffff:192.168.1.110:www ::ffff:78.3.26.66:26703
CLOSE-WAIT 317 0 ::ffff:192.168.1.110:www ::ffff:210.212.58.170:60759
LAST-ACK 0 590 ::ffff:192.168.1.110:www ::ffff:210.212.58.170:25172
CLOSE-WAIT 317 0 ::ffff:192.168.1.110:www ::ffff:210.212.58.170:16472
CLOSE-WAIT 317 0 ::ffff:192.168.1.110:www ::ffff:210.212.58.170:45663
ESTAB 0 73000 ::ffff:192.168.1.110:www ::ffff:67.161.29.78:62417
ESTAB 642 0 ::ffff:192.168.1.110:www ::ffff:58.69.243.154:39183
ESTAB 642 0 ::ffff:192.168.1.110:www ::ffff:58.69.243.154:39941
CLOSE-WAIT 317 0 ::ffff:192.168.1.110:www ::ffff:210.212.58.170:7291
LAST-ACK 0 11041 ::ffff:192.168.1.110:www ::ffff:210.212.58.170:32123
CLOSE-WAIT 317 0 ::ffff:192.168.1.110:www ::ffff:210.212.58.170:35193
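
A triage aid for socket listings like the ones posted in this thread, added here as an example and not part of the original posts: it counts sockets per remote address on the web port, and how many of them sit in CLOSE-WAIT, so it is visible at a glance whether a few peers hold most of the connections. The function names and the sample rows (documentation addresses) are constructed, and the five-column ss layout shown in the posts is assumed.

```shell
#!/bin/sh
# Added example: summarise ss output per remote address.
# Row layout assumed (as in the listings in the posts):
#   State Recv-Q Send-Q Local-Address:Port Peer-Address:Port
# CLOSE-WAIT means the peer has closed and the local application has not
# yet closed its side of the connection.

# peer_summary [PORT]: read ss output on stdin and print one line per peer,
# "<sockets> <close_wait> <peer>", busiest first. PORT defaults to "www",
# the service name ss prints for port 80 when run without -n.
peer_summary() {
  awk -v port="${1:-www}" '
    $1 == "State" || NF < 5 { next }         # header or truncated row
    {
      lport = $4; sub(/.*:/, "", lport)      # text after the last colon
      if (lport != port) next
      peer = $5
      sub(/:[^:]*$/, "", peer)               # drop the peer port
      sub(/^::ffff:/, "", peer)              # unwrap IPv4-mapped IPv6
      total[peer]++
      if ($1 == "CLOSE-WAIT") cw[peer]++
    }
    END { for (p in total) printf "%d %d %s\n", total[p], cw[p] + 0, p }
  ' | sort -k1,1nr -k3,3
}

# top_peer [PORT]: the address holding the most sockets on PORT.
top_peer() { peer_summary "$1" | awk 'NR == 1 { print $3 }'; }

# Constructed sample rows using documentation addresses (not from the thread).
SAMPLE='State Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB 0 23460 ::ffff:192.0.2.10:www ::ffff:203.0.113.7:11136
CLOSE-WAIT 317 0 ::ffff:192.0.2.10:www ::ffff:203.0.113.7:50059
CLOSE-WAIT 317 0 ::ffff:192.0.2.10:www ::ffff:203.0.113.7:57751
CLOSE-WAIT 317 0 ::ffff:192.0.2.10:www ::ffff:203.0.113.7:41878
ESTAB 435 0 ::ffff:192.0.2.10:www ::ffff:198.51.100.20:59617
CLOSE-WAIT 268 0 ::ffff:192.0.2.10:www ::ffff:198.51.100.21:20113
SYN-SENT 0 1 192.0.2.10:40678 198.51.100.99:smtp
ESTAB 0 52 ::ffff:192.0.2.10:ssh ::ffff:192.0.2.1:1142'

printf '%s\n' "$SAMPLE" | peer_summary www
```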