On 03/29/2015 04:40 PM, Arianna Avanzini wrote:
Hi Jim,
On 28/02/2015 20:46, Jim Whitby wrote:
Since installing this version, I'm seeing a *lot* of these errors; are they for real or is something else going on?
Feb 27 21:23:01 number1.jameswhitby.net ntopng[943]: 1425090181|2|0|Host <A HREF=/lua/host_details.lua?host=127.0.0.1&ifname=lo>127.0.0.1</A> is a SYN flooder [395 SYNs sent in the last 3 sec] TCP 127.0.0.1:33981 > 127.0.0.1:3000 [proto: 0/Unknown][1/0 pkts][74/0 bytes]
Feb 27 21:23:01 number1.jameswhitby.net ntopng[943]: 1425090181|2|0|Host <A HREF=/lua/host_details.lua?host=127.0.0.1&ifname=lo>127.0.0.1</A> is under SYN flood attack [395 SYNs received in the last 3 sec] TCP 127.0.0.1:33981 > 127.0.0.1:3000 [proto: 0/Unknown][1/0 pkts][74/0 bytes]
Feb 27 21:23:48 number1.jameswhitby.net ntopng[943]: 1425090228|2|0|Host <A HREF=/lua/host_details.lua?host=192.168.10.21&ifname=enp6s0>192.168.10.21</A> is a SYN flooder [100 SYNs sent in the last 3 sec] TCP 192.168.10.21:38741 > 93.171.243.21:14089 [proto: 0/Unknown][3/0 pkts][222/0 bytes]
These seem like alerts that ntopng is writing in your log. Are you
seeing alerts for hosts that you know not to be flooders?
Thanks,
Arianna
_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
For whatever reason they have stopped.
--
GIVE UP!!!!
----------------------
Mageia release 4 (Official) for x86_64
3.14.32-desktop-1.mga4 x86_64
----------------------