Linux IPTable for a "weird attack"

Post by erie1555 »

Hello,

My server seems to crash from a weird attack that I've never seen before.
"NET_GetLong: Split packet from 53.80.117.132:25754 with invalid split size (number 99/ count 114) where size 8293 is out of valid range [564 - 1248 ]"

How would I block this with iptables?

Post by Edge100x »

I've seen this happen before with certain malformed packets that look like Source server queries but aren't. That specific attack is blocked everywhere we have a router and 10G connection, though, so you can't be seeing the same one.

Do you have a packet capture that was made while the attack was in progress?

Post by erie1555 »

The attack seems to occur so fast that I'm unable to even capture any packets of the actual attack.

Post by Edge100x »

If you contact us, we can see if it shows in the router logs. You could also keep windump/wireshark running for a while and try to capture it that way.
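While a capture is still missing, the console message quoted in the first post can be mined for triage. The following is an added example, not code from any poster in this thread: it parses lines of that form and counts invalid-split events per source address. The function names and every sample line except the first are constructed for illustration.

```python
import re
from collections import Counter

# Pattern for the console message quoted in the thread. Whitespace is matched
# loosely because the original line has irregular spacing ("99/ count", "1248 ]").
SPLIT_RE = re.compile(
    r"NET_GetLong:\s*Split packet from\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)"
    r"\s+with invalid split size\s*\(number\s*(?P<number>\d+)\s*/\s*count\s*(?P<count>\d+)\s*\)"
    r"\s*where size\s+(?P<size>\d+)\s+is out of valid range"
    r"\s*\[\s*(?P<lo>\d+)\s*-\s*(?P<hi>\d+)\s*\]"
)

def parse_line(line):
    """Return the fields of an invalid-split message as a dict, or None if no match."""
    m = SPLIT_RE.search(line)
    if not m:
        return None
    rec = {k: int(v) for k, v in m.groupdict().items() if k != "ip"}
    rec["ip"] = m.group("ip")
    return rec

def summarize(lines):
    """Return (ip, event_count, largest_claimed_size) tuples, busiest source first."""
    hits, max_size = Counter(), {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # unrelated console output
        hits[rec["ip"]] += 1
        max_size[rec["ip"]] = max(rec["size"], max_size.get(rec["ip"], 0))
    return [(ip, n, max_size[ip]) for ip, n in hits.most_common()]

# Constructed sample log: the first line is the message from the thread,
# the remaining lines are made up (documentation address ranges).
SAMPLE = [
    "NET_GetLong: Split packet from 53.80.117.132:25754 with invalid split size "
    "(number 99/ count 114) where size 8293 is out of valid range [564 - 1248 ]",
    "NET_GetLong: Split packet from 192.0.2.10:27005 with invalid split size "
    "(number 3/ count 7) where size 9000 is out of valid range [564 - 1248 ]",
    "NET_GetLong: Split packet from 192.0.2.10:27006 with invalid split size "
    "(number 4/ count 7) where size 4096 is out of valid range [564 - 1248 ]",
    'Client "player" connected (198.51.100.7:27005).',
]

if __name__ == "__main__":
    for ip, n, size in summarize(SAMPLE):
        print(f"{ip}\t{n} events\tmax claimed size {size}")
```

Source addresses on connectionless traffic can be forged, so treat the per-address counts as a triage aid and confirm them against a packet capture or router logs before writing a block rule.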