One of my servers is suspected of flooding

Support for security such as Firewalls and securing linux
username
Posts: 49
Joined: 2013/03/04 13:17:23

Re: One of my servers is suspected of flooding

Postby username » 2018/02/02 13:21:57

avij wrote: "sports: Dynamic (1024-65535), dports"

Source and destination ports .. but did you or they accidentally leave out the destination ports part?


Yep, they removed it or did a wrong cut/paste... :roll:

avij
Forum Moderator
Posts: 2448
Joined: 2010/12/01 19:25:52
Location: Helsinki, Finland

Re: One of my servers is suspected of flooding

Postby avij » 2018/02/02 13:30:52

I'd ask them again if they actually know the destination ports as well. It might help narrow down the problem.

username
Posts: 49
Joined: 2013/03/04 13:17:23

Re: One of my servers is suspected of flooding

Postby username » 2018/02/02 13:33:14

avij wrote: I'd ask them again if they actually know the destination ports as well. It might help narrow down the problem.


Yes, I have asked for more information, telling them the line was truncated.

EDIT: Well, they answered that unfortunately they don't have more information. The server has still been up for 3 days and they didn't shut it down. I've restarted httpd and mysqld and I will just wait to see how it goes. I have always disabled SELinux because it was a bit of trouble to configure. Well, next time I will keep it, even if I am unsure whether it could have helped. I will set up a CentOS 7 replacement server in the coming weeks, as soon as I have finished reading my book about Docker. Maybe Docker can also add another level of security through isolation of processes. Also, Seafile hasn't been updated for at least one year because the team suddenly dropped support. I have no idea if it was the culprit. But now they have a Seafile container that could prevent that from happening.