Portal Home > Knowledgebase > Articles Database > SYN_RECV
SYN_RECV
Posted by JohnnyU, 01-18-2010, 03:44 PM |
Hi, i have a VPS and when i run netstat -a -F i see some strange connections:
Last edited by JohnnyU; 01-18-2010 at 03:53 PM.
|
Posted by JohnCS, 01-19-2010, 03:52 AM |
Use below iptables rules to prevent SYN Attack,
iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
iptables -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
iptables -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
iptables -A INPUT -p tcp --tcp-flags FIN,RST FIN,RST -j DROP
iptables -A INPUT -p tcp --tcp-flags ACK,FIN FIN -j DROP
iptables -A INPUT -p tcp --tcp-flags ACK,PSH PSH -j DROP
iptables -A INPUT -p tcp --tcp-flags ACK,URG URG -j DROP
|
Posted by madaboutlinux, 01-19-2010, 06:14 AM |
You see SYN_RECV connections either if there is a buggy software OR your server is been targeted. Looking at the output it doesn't look like a DDOS attack and there is nothing to worry about it.
BTW, why are there direct connections to Mysql? If all your websites and their databases are on the same server and you are not allowing remote Mysql access to your clients, block the incoming connection to port 3306.
|
Posted by JohnnyU, 01-19-2010, 08:56 AM |
How do i block my 3306 port?
I have 2 other people with diffrent ips that need to use my Plesk
[mysqld]
port=3306
skip-bdb
skip-locking
skip-name-resolve
|
Add to Favourites Print this Article
Also Read