SYN flood?

Pardon my networking ignorance, but is this a SYN flood?

www:~# netstat

Active Internet connections (w/o servers)

Proto Recv-Q Send-Q Local Address Foreign Address State

tcp 0 0 brlewis.com:www 193.169.4.13:61642 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.5.199:16034 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.5.197:36557 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.5.153:5709 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.4.167:37877 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.4.86:14899 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.5.230:48633 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.4.168:46240 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.5.236:26004 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.5.40:6383 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.4.123:44650 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.5.103:22654 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.5.92:50918 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.4.48:58270 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.5.22:32343 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.4.182:49329 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.4.112:24481 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.5.76:28094 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.5.72:31597 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.4.200:55014 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.4.158:10442 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.4.158:10442 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.4.96:1720 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.5.152:12587 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.4.106:57504 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.4.109:51708 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.4.56:23003 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.5.54:7888 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.4.241:5935 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.5.158:19243 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.5.186:44281 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.5.147:17838 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.4.4:44970 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.4.189:14696 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.4.169:44847 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.5.119:23542 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.4.247:2052 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.4.202:16181 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.5.154:51995 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.5.120:26203 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.5.96:34140 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.4.137:3150 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.4.21:46354 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.5.37:41570 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.5.228:55795 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.4.219:15316 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.4.204:17209 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.5.157:2641 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.5.128:3432 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.5.10:16164 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.4.83:63717 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.5.132:63233 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.5.41:51019 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.4.89:26703 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.5.204:52343 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.5.201:1577 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.5.239:57661 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.5.75:28427 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.5.166:29923 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.4.111:57818 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.4.45:9663 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.5.107:13542 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.4.201:5283 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.4.113:11950 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.5.95:55526 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.4.74:36711 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.4.43:28143 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.4.197:8051 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.5.179:8492 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.5.221:15417 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.5.207:3980 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.4.192:18431 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.5.63:25397 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.4.229:55587 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.5.247:25373 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.4.130:2943 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.4.185:40491 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.5.146:45865 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.5.143:5988 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.4.166:46453 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.4.33:29368 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.4.176:62682 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.4.147:22442 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.5.243:64994 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.5.126:61022 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.5.190:46207 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.5.138:65330 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.5.13:23253 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.4.119:55188 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.4.110:47496 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.5.182:59012 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.5.42:43648 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.4.138:41386 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.5.218:61130 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.4.146:37560 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.5.46:64601 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.4.144:37169 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.5.94:34990 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.4.165:19946 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.5.3:39126 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.4.159:29997 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.4.112:57600 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.4.193:48002 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.5.112:37436 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.4.14:23716 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.4.2:36485 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.5.130:47058 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.4.63:7429 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.5.35:4519 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.4.215:36719 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.4.139:49074 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.5.136:57673 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.5.127:30624 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.5.227:176 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.5.168:14728 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.5.165:22977 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.4.129:64299 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.5.58:39120 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.4.40:60061 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.4.67:58087 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.4.244:3341 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.4.120:34596 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.5.192:48917 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.5.65:58959 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.4.184:10749 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.4.122:45264 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.5.238:28146 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.4.118:44194 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.4.31:47108 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.4.7:31083 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.5.217:63656 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.5.44:49660 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.4.34:23934 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.4.90:63653 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.5.78:21123 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.4.94:45387 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.5.211:28901 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.5.11:10509 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.4.128:26211 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.5.172:10950 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.4.194:36766 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.5.87:17378 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.5.53:43870 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.5.169:54891 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.4.163:49048 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.4.22:2208 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.5.184:40888 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.5.16:15492 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.4.245:9051 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.4.19:55626 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.4.175:56309 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.4.135:53972 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.4.51:65005 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.5.187:24638 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.4.130:47379 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.4.107:40028 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.5.61:1954 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.4.121:29361 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.5.104:47902 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.5.24:38888 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.4.226:14638 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.4.59:62471 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.4.64:18831 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.4.52:39375 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.5.252:20843 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.4.183:33826 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.4.230:51752 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.4.140:20898 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.4.103:28015 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.4.180:27952 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.4.24:2821 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.5.85:43843 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.5.145:17160 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.5.62:7514 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.5.171:30762 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.5.17:54797 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.4.138:45744 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.4.104:38360 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.5.57:31630 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.4.249:8051 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.4.118:20060 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.5.180:18638 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.5.149:10518 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.4.91:32141 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.5.20:11029 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.4.148:28996 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.5.137:48156 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.5.70:23349 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.5.36:61857 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.4.206:23384 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.5.235:58868 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.4.36:55160 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.4.190:18696 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.5.64:27897 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.5.100:14860 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.4.250:61742 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.5.159:18590 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.5.141:7059 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.5.105:6622 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.5.5:15697 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.5.125:32568 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.4.224:23315 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.4.152:49825 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.4.151:41009 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.5.248:39418 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.5.233:32945 SYN_RECV

tcp 0 0 brlewis.com:www 193.169.5.7:14527 SYN_RECV

4 Replies

Can you tell if your web server has maxed out its children?

It maxed out its children several hours earlier and I restarted it. Seems OK now: http://ourdoings.com/

It may not be a SYN flood, rather a request flood on Apache. I'm no expert on this, though. Considering they're all on the same two class-C blocks, it certainly looks suspicious.

I would suggest that you add an IPTABLES rule to block all traffic from 193.169.4.x and 193.169.5.x, assuming the rest of your logs look the same and all traffic is coming from there.
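The check the last two replies rely on (are the half-open connections concentrated in a few source networks?) can be run directly against netstat output. This is an added example, not part of the original thread: a shell helper that counts SYN_RECV entries per source /24 and prints, without running them, the matching iptables DROP rules. The function names, the threshold and the sample lines (documentation address ranges) are assumptions constructed for illustration.

```shell
# Added example (not from the thread). Usage: netstat -n | syn_recv_by_net
# Counts half-open (SYN_RECV) IPv4 connections per source /24 and prints
# "<count> <network>/24", busiest network first.
syn_recv_by_net() {
    awk '$1 == "tcp" && $NF == "SYN_RECV" {
             addr = $5                       # Foreign Address column
             sub(/:[0-9]+$/, "", addr)       # strip the :port suffix
             n = split(addr, o, ".")
             if (n == 4) count[o[1] "." o[2] "." o[3] ".0/24"]++
         }
         END { for (net in count) print count[net], net }' |
    sort -k1,1nr -k2,2
}

# Print (do not execute) a DROP rule for every /24 that holds at least $1
# half-open connections. The threshold is an assumption to tune per site;
# review the list before applying any rule.
suggest_blocks() {
    threshold=$1
    syn_recv_by_net | awk -v t="$threshold" \
        '$1 >= t { print "iptables -I INPUT -s " $2 " -j DROP" }'
}

# Constructed sample in the same column layout as the output in the
# question, using documentation address ranges instead of real hosts.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 www.example:www 198.51.100.13:61642 SYN_RECV
tcp 0 0 www.example:www 198.51.100.199:16034 SYN_RECV
tcp 0 0 www.example:www 198.51.100.86:14899 SYN_RECV
tcp 0 0 www.example:www 203.0.113.197:36557 SYN_RECV
tcp 0 0 www.example:www 203.0.113.153:5709 SYN_RECV
tcp 0 0 www.example:www 192.0.2.44:50312 SYN_RECV
tcp 0 0 www.example:www 192.0.2.80:41200 ESTABLISHED
EOF
}
```

Run `sample_netstat | suggest_blocks 2` to see the rules proposed for the constructed sample; a single stray SYN_RECV from an unrelated network stays below the threshold and is not listed.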
