Hello,
My server seems to crash from a weird attack, that I've never seen before.
"NET_GetLong: Split packet from 53.80.117.132:25754 with invalid split size (number 99/ count 114) where size 8293 is out of valid range [564 - 1248 ]"
How would I block this with iptables?
Linux IPTable for a "weird attack"
-
- New to forums
- Posts: 4
- https://www.youtube.com/channel/UC40BgXanDqOYoVCYFDSTfHA
- Joined: Sun Oct 16, 2011 9:29 am
Re: Linux IPTable for a "weird attack"
I've seen this happen before with certain malformed packets that look like Source server queries but aren't. That specific attack is blocked everywhere we have a router and 10G connection, though, so you can't be seeing the same one.
Do you have a packet capture that was made while the attack was in progress?
Do you have a packet capture that was made while the attack was in progress?
Re: Linux IPTable for a "weird attack"
The attack seems to occur so fast, that I'm unable to even capture any packets of the actual attack
Re: Linux IPTable for a "weird attack"
If you contact us, we can see if it shows in the router logs. You could also keep windump/wireshark running for awhile and try to capture it that way.