Re: DoS attack against TCP services

To: Mindaugas Rasiukevicius <rmind%netbsd.org@localhost>
Subject: Re: DoS attack against TCP services
From: 6bone%6bone.informatik.uni-leipzig.de@localhost
Date: Mon, 19 Jan 2015 09:14:44 +0100 (CET)

On Sun, 18 Jan 2015, Mindaugas Rasiukevicius wrote:

Date: Sun, 18 Jan 2015 23:22:47 +0000
From: Mindaugas Rasiukevicius <rmind%netbsd.org@localhost>
To: 6bone%6bone.informatik.uni-leipzig.de@localhost
Cc: current-users%netbsd.org@localhost
Subject: Re: DoS attack against TCP services

6bone%6bone.informatik.uni-leipzig.de@localhost wrote:

Hello,

it was launched a DoS attack against my server. The attacker opened ssh
connections from different servers until all sockets are use.

I have stopped the ssh service and terminates all processes.
Unfortunately, all TCP connections are now in the TIME_WAIT state.

bash-4.3 # netstat -a -n | grep TIME_WAIT | wc -l
     34611

Is there a way to remove it without rebooting the server?


tcpdrop(8)?


It works. But why doesn't drop the kernel it automatically?


--
Mindaugas

Uwe

Follow-Ups:
- Re: DoS attack against TCP services
  - From: Michael van Elst

References:
- DoS attack against TCP services
  - From: 6bone
- Re: DoS attack against TCP services
  - From: Mindaugas Rasiukevicius

Prev by Date: daily CVS update output
Next by Date: Re: DoS attack against TCP services
Previous by Thread: Re: DoS attack against TCP services
Next by Thread: Re: DoS attack against TCP services
Indexes:

Home | Main Index | Thread Index | Old Index