Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Block SYN Attack on port 80 in Lynux Web Server.

Dear Experts,

We are using Linux Web server , we are facing for the last couple days SYN Attack  on port 80 in this server.

please see the log of my server. ( continue SYN Attack on port  80 )


178.123.148.44:3852   81.103.102.106:80     CLOSING      1s     203 B/s
78.52.46.89:3334      81.103.102.106:80     CLOSING      1s     201 B/s
78.225.34.186:2052    81.103.102.106:80     CLOSING      0s     148 B/s
126.114.59.64:4238    81.103.102.106:80     CLOSING      2s     148 B/s
178.123.148.44:4523   81.103.102.106:80     SYN_SENT     0s     0 B/s
59.92.240.66:2957     81.103.102.106:80     CLOSING      0s     0 B/s
178.123.148.44:1330   81.103.102.106:80     SYN_SENT     0s     0 B/s
59.92.240.66:3197     81.103.102.106:80     SYN_SENT     0s     0 B/s
126.114.59.64:4371    81.103.102.106:80     CLOSING      0s     0 B/s
178.123.148.44:2698   81.103.102.106:80     CLOSING      0s     0 B/s
178.123.148.44:2023   81.103.102.106:80     CLOSING      0s     0 B/s
125.29.132.62:3338    81.103.102.106:80     SYN_SENT     0s     0 B/s
86.74.149.4:3514      81.103.102.106:80     SYN_SENT     0s     0 B/s
120.28.84.90:52574    81.103.102.106:80     SYN_SENT     0s     0 B/s
178.123.148.44:1435   81.103.102.106:80     SYN_SENT     0s     0 B/s
178.123.148.44:4512   81.103.102.106:80     SYN_SENT     0s     0 B/s
178.123.148.44:4586   81.103.102.106:80     SYN_SENT     0s     0 B/s
125.29.132.62:3339    81.103.102.106:80     SYN_SENT     0s     0 B/s
178.123.148.44:4568   81.103.102.106:80     SYN_SENT     0s     0 B/s
81.83.202.219:28831   81.103.102.106:80     SYN_SENT     0s     0 B/s
                   

So how can i block in my router to prevent SYN Attack in my web server.

Thanks in ADV,

1 REPLY
Hall of Fame Super Silver

Re: Block SYN Attack on port 80 in Lynux Web Server.

Hello Vaibhav,

TCP intercept feature can be of help to mitigate SYN attacks

see

http://www.cisco.com/en/US/docs/ios/sec_data_plane/configuration/guide/sec_cfg_tcp_intercpt_ps6441_TSD_Products_Configuration_Guide_Chapter.html

Hope to help

Giuseppe

430
Views
5
Helpful
1
Replies
CreatePlease to create content