I haven't any problem like this but just in case, I installed the SonicWall Pro and plug all of the Cobalt Raqs on the DMZ port. It works great.
-Randy ----- Original Message ----- From: "Bradley Caricofe" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, July 22, 2002 4:06 PM Subject: RE: [cobalt-security] SYN attacks killing me! Please HELP! > > Hi there, > > > > I own a Cobalt RaQ4 (as well as a RaQ3, and this problem applies to > > both) with near 150 customers in it, a few weeks ago the server suddenly > > stopped responding, first once a day, but now it's a nightmare.. > > sometimes it stays for days ok, then some day.. we start receiving > > SYN_RECV packets and the server dies. > > > > Changed from raq3 to raq4 and today the history repeated again. > > > > I've used tcp_syn_cookies, I have tried lots of ipchains firewalls, and > > nothing seems to help. Oh, adnd yes, I've installed until the latest > > patch. The last thing I did was to create a script I run every 2 minutes > > and detects SYN_RECV connections, if more than 15 are detected, then > > those IPs are banned (ipchains) it has somehow stopped attacks, but it's > > not perfect... somehow the bastard do the nasty in those 2 minutes and > > kill my server. > > > > Reading in the internet I found that it's a problem affecting old 2.2.x > > kernels (x<17 I think).. if you use a firewall and also set > > tcp_syncookies to 1 somehow you are in danger. My concern is that I can > > NOT wait any longer for cobalt to release a new kernel, I've waited like > > 2 months and no new updates regarding kernels. Is there ANY workaround I > > can do in order to avoid syn attacks? My clients are very upset with me > > because of the constant failures and I have no life.. saturday night, > > sundays early in the morning, friday afternoon, at any time my system > > has to be rebooted... > > > > Please, help. > > > > Ernesto > > Ernesto, we have a couple of RaQ3's and have been having similar problems > with the systems going down intermittently. One server in particular is > being used to power a single somewhat high-profile website and recently for > about a week straight it was going down every day. We scoured the logfiles > and did find unusual activity but nothing that explained the crashes. We > noticed a lot of unauthorized attempts at accessing the admin server and we > applied some firewall rules to port 81, the system hasn't crashed since. > Sorry I can't give a more technical explanation, we aren't even sure if we > fixed the issue with the new rules or if we're just lucky. > > -Brad > > _______________________________________________ > cobalt-security mailing list > [EMAIL PROTECTED] > http://list.cobalt.com/mailman/listinfo/cobalt-security > > _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
