Apache DOS Attack using my server IP ?? very rare, look at this

sh4ka

Look at this..

Is this an attack or what? How can I have 779 connections from the primary server IP??? I've never seen something like this...

Just pasted the last lines from the output of the netstat command... and got the number of connections per IP on port 80:

[email protected] [/tmp]# netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -nr | more
779 XX.XX.XX.XX ----------------> PRIMARY SERVER IP
104 24.42.134.253
90 201.247.190.136
67 85.57.5.50
65 217.216.144.66
58 88.14.20.182
58 85.54.231.126
58 81.33.213.96
58 81.231.92.63
56 83.32.70.11
54 83.103.128.166
DC techs told me it may be some SYN flood; they also told me the connections are in TIME_WAIT, and told me to put up a firewall and try turning off keepalives in httpd.conf.... I already did the keepalives, I already have APF well configured with anti-DoS working, and they also told me to optimize the server, which I already did for Apache, MySQL and sysctl, and I still get the same issue...

Also, in netstat I see a lot of connections like this:
--------------------------------------------------------------
tcp 0 0 server.myserver:http 22.Red-83-59-187.dyna:10429 TIME_WAIT
tcp 0 0 server.myserver:http 77.Red-83-52-236.dynam:2238 TIME_WAIT
tcp 0 0 server.myserver:http cm16161.red.mundo-r.co:4441 TIME_WAIT
tcp 0 0 server.myserver:http ti200720a080-0340.bb.:53028 TIME_WAIT
tcp 0 0 server.myserver:http 77.Red-83-52-236.dynam:2233 TIME_WAIT
tcp 0 0 server.myserver:http cm16161.red.mundo-r.co:4446 TIME_WAIT
tcp 0 0 server.myserver:http host86-141-166-187.ran:1858 TIME_WAIT
How can I detect who's causing the problem and fix it? I need a solution.
This is a dual xeon 3.2, 2 GB RAM, RedHat ES 3 with cPanel.
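Added example, not from the original post: the `netstat | awk | uniq -c` one-liner above keeps only the foreign address, so it cannot tell TIME_WAIT (finished requests, normal) apart from SYN_RECV (half-open, the actual SYN-flood sign), and it does not flag that a foreign address equal to the server's own IP means the connections were opened on the box itself. The script below parses a constructed `netstat -ntu` sample (the `SERVER_IP` value and all rows are placeholders) and reports both.

```python
from collections import Counter

SERVER_IP = "192.0.2.10"  # placeholder for the primary server IP (XX.XX.XX.XX in the post)

# Constructed sample of `netstat -ntu` output; addresses are documentation ranges.
SAMPLE_NETSTAT = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:80           192.0.2.10:40001        TIME_WAIT
tcp        0      0 192.0.2.10:80           192.0.2.10:40002        TIME_WAIT
tcp        0      0 192.0.2.10:80           192.0.2.10:40003        ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:10429      TIME_WAIT
tcp        0      0 192.0.2.10:80           198.51.100.7:2238       SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.5:4441        ESTABLISHED
udp        0      0 192.0.2.10:53           203.0.113.9:5353
"""

def parse_netstat(text):
    """Yield (proto, foreign_ip, state) per connection row; UDP rows carry no state."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "tcp6", "udp", "udp6"):
            continue  # header line or malformed row
        foreign_ip = fields[4].rsplit(":", 1)[0]  # strip the port (field 5 in awk terms)
        state = fields[5] if len(fields) > 5 else "-"
        yield fields[0], foreign_ip, state

def count_by_ip_and_state(text):
    """Return {foreign_ip: Counter(state -> n)}: the per-state breakdown `uniq -c` discards."""
    table = {}
    for _proto, ip, state in parse_netstat(text):
        table.setdefault(ip, Counter())[state] += 1
    return table

def self_connections(text, server_ip):
    """Rows whose foreign address is the server's own IP: opened locally (a cron job,
    a script or a proxy on the box), so they cannot be a remote flood."""
    return sum(1 for _p, ip, _s in parse_netstat(text) if ip == server_ip)

def half_open(text):
    """SYN_RECV count: the state that indicates a SYN flood. TIME_WAIT alone does not."""
    return sum(1 for _p, _ip, s in parse_netstat(text) if s == "SYN_RECV")

if __name__ == "__main__":
    table = count_by_ip_and_state(SAMPLE_NETSTAT)
    for ip, states in sorted(table.items(), key=lambda kv: -sum(kv[1].values())):
        print(f"{sum(states.values()):4d} {ip:16s} {dict(states)}")
    print("self-connections:", self_connections(SAMPLE_NETSTAT, SERVER_IP))
    print("half-open (SYN_RECV):", half_open(SAMPLE_NETSTAT))
```

On a live box, replace `SAMPLE_NETSTAT` with the output of `netstat -ntu`; a large self-connection count points at a local process (`netstat -ntp` shows which one), while a large SYN_RECV count is what the datacenter's SYN-flood explanation would actually look like.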