View previous topic :: View next topic |
Author |
Message |
deathiv n00b
Joined: 30 May 2012 Posts: 11
|
Posted: Wed Dec 12, 2012 2:58 am Post subject: SSh connections |
|
|
I have a gentoo server, and recently my network has been running very slowly. I tried many things and one of them was to use netstat to see what traffic was coming in.
It's been going for 2 hours now and no end in site of the thousands of lines that read tcp 0 0/1 livecd:<port> ip:ssh syn_sent/Established
Is this something to be worried about and what does it mean? |
|
Back to top |
|
|
albright Advocate
Joined: 16 Nov 2003 Posts: 2588 Location: Near Toronto
|
Posted: Wed Dec 12, 2012 3:03 am Post subject: |
|
|
It is said this is a symptom of denial of service attack.
does that make sense in your situation?
this site seems to have good advice:
http://nazeems.wordpress.com/2012/09/08/ddos-attack-measures/ _________________ .... there is nothing - absolutely nothing - half so much worth
doing as simply messing about with Linux ...
(apologies to Kenneth Graeme) |
|
Back to top |
|
|
deathiv n00b
Joined: 30 May 2012 Posts: 11
|
Posted: Wed Dec 12, 2012 3:11 am Post subject: |
|
|
Yup, those symptoms fit, but as to why that happened I don't know, it seemed to stop when I rebooted, but if It starts up again I'll try to follow that guide. |
|
Back to top |
|
|
Hu Administrator
Joined: 06 Mar 2007 Posts: 21867
|
Posted: Thu Dec 13, 2012 2:18 am Post subject: |
|
|
Did your reboot change your IP address? If so, the attack is now hitting someone else. |
|
Back to top |
|
|
deathiv n00b
Joined: 30 May 2012 Posts: 11
|
Posted: Thu Dec 13, 2012 8:31 pm Post subject: |
|
|
IP's static. I changed some of the settings and am probably going to reassign SSHD to run on a different port than 22 so that the connections don't find the port. |
|
Back to top |
|
|
|