Hi all,
I'm having an issue at the moment on an openSUSE 13.1 server. It looks as though we are experiencing a DDoS attack.
http://imgur.com/ZErPg8h
From multiple external IP addresses, we receive a number TCP ACK messages, from there our internal openSUSE server with an exponentially higher volume of dup ack reply messages (I'm reading more than 700,000 reply dup ack messages from my internal host in a single session!)
Does anyone know of any bugs that might be causing so many dup ack outbound messages in a single session?
(It looks to me like a DupACK Spoofing attack)
http://scenic.princeton.edu/network2...estion_Control
Any help would be greatly appreciated!
Cheers,
Josh
I'm having an issue at the moment on an openSUSE 13.1 server. It looks as though we are experiencing a DDoS attack.
http://imgur.com/ZErPg8h
From multiple external IP addresses, we receive a number TCP ACK messages, from there our internal openSUSE server with an exponentially higher volume of dup ack reply messages (I'm reading more than 700,000 reply dup ack messages from my internal host in a single session!)
Does anyone know of any bugs that might be causing so many dup ack outbound messages in a single session?
(It looks to me like a DupACK Spoofing attack)
http://scenic.princeton.edu/network2...estion_Control
Any help would be greatly appreciated!
Cheers,
Josh