[Box-Admins] About the server downtime today

Levente Uzonyi leves at elte.hu
Fri Oct 21 15:13:02 UTC 2011


Hi,

The webserver stopped responding today, while ping was working fine. I 
contacted Bert on IRC, who gave me access to the box. As he suggested, I 
tried restarting Apache, which temporarily solved the problem, but in 
10-20 minutes the server went down again. At this point there were several 
connections to port 80 in SYN_RECV state, which is a sign of a possible 
SYN flood attack. I did a few more Apache restarts and I installed tcpdump 
in order to find out the cause, but after checking quite a few 
(non-suspicious) connections, I gave up. I enabled tcp_syncookies on the 
server, which solved the problem without further Apache restarts.

Cheers,
Levente
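
An added example, not part of the original message: a shell version of the check described above, counting SYN_RECV connections to port 80 per source and reading the tcp_syncookies setting. The sample netstat output, the addresses, the function names and the alert threshold are constructed for illustration.

```shell
#!/bin/sh
# Constructed `netstat -tn` sample; addresses are from documentation ranges.
sample_netstat() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:80           198.51.100.7:40112      SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.7:40113      SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.5:51234       SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.9:51000       ESTABLISHED
tcp        0      0 192.0.2.10:8080         203.0.113.77:1234       SYN_RECV
EOF
}

# Print "<count> <source-ip>" for half-open connections to local port $1,
# busiest source first. Reads netstat -tn output on stdin.
syn_recv_by_source() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 == "SYN_RECV" {
            n = split($4, a, ":"); if (a[n] != port) next
            src = $5; sub(/:[0-9]+$/, "", src); seen[src]++
        }
        END { for (s in seen) print seen[s], s }' | sort -rn
}

# Total half-open connections to local port $1 (stdin as above).
count_syn_recv() {
    syn_recv_by_source "$1" | awk '{ c += $1 } END { print c + 0 }'
}

# Current syncookies setting: 0 = off, 1 = used when the SYN backlog
# overflows, 2 = always. Prints "unknown" where the file is absent.
syncookies_state() {
    f="${1:-/proc/sys/net/ipv4/tcp_syncookies}"
    if [ -r "$f" ]; then cat "$f"; else echo unknown; fi
}

# Classify: $1 = port, $2 = alert threshold (assumed value, tune per host),
# $3 = syncookies value. Reads netstat output on stdin.
assess() {
    n=$(count_syn_recv "$1")
    if [ "$n" -lt "$2" ]; then echo "normal"
    elif [ "$3" = "1" ] || [ "$3" = "2" ]; then echo "elevated-syncookies-on"
    else echo "backlog-at-risk"; fi
}

# Demo on the constructed sample.
sample_netstat | syn_recv_by_source 80
sample_netstat | assess 80 3 "$(syncookies_state)"
```

On a live host, pipe `netstat -tn` into the functions instead of the sample; `sysctl -w net.ipv4.tcp_syncookies=1` turns on the setting the message refers to.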

