[CentOS] Can't get rid of SYN_RECV

Philip Reynolds philip.reynolds at gmail.com
Fri Aug 4 08:12:09 UTC 2006


On 8/4/06, Paul <unix at bikesn4x4s.com> wrote:
> > So, seeing this is weird activity, I wanna see if I can put a stop to it.
> > So I added to iptables:
> > -A INPUT -s 209.200.128.0/255.255.192.0 -j DROP
> > -A OUTPUT -o eth0 -p tcp -m tcp -d 209.200.128.0/255.255.192.0 -j DROP
> >
> > I restarted httpd and still get the same thing.  WTF???
>
>
> OK, I figured it out.  The IP address that was attacking is actually
> 63.240.230.5.  nslookup on the above gives me 209.200.169.10.  I really
> dislike reverse lookups in logs and such.  &*^(*%$%*&^_

netstat with the '-n' flag is the norm for looking at such things.
Never trust the reverse lookups, as you see.

Phil.
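
Added example, not part of the original thread: a shell function that tallies SYN_RECV entries per numeric source address from `netstat -ant` output, so any block rule is written against the address that is actually connecting rather than a name from a reverse lookup. The sample input is constructed; the local address 192.0.2.10 and the second source 203.0.113.7 are placeholders, and the function names are hypothetical.

```shell
#!/bin/sh
# Tally half-open (SYN_RECV) connections per numeric source address.
# Input: text of `netstat -ant` on stdin (-n disables DNS lookups,
# so the Foreign Address column holds the real peer IP).

syn_recv_by_source() {
    awk '
        $1 ~ /^tcp/ && $6 == "SYN_RECV" {
            addr = $5
            sub(/:[0-9]+$/, "", addr)   # strip the trailing :port
            sub(/^::ffff:/, "", addr)   # unwrap IPv4-mapped IPv6 peers
            count[addr]++
        }
        END { for (a in count) printf "%d %s\n", count[a], a }
    ' | sort -k1,1nr -k2,2              # busiest source first
}

# Constructed sample of `netstat -ant` output (not captured from a real host).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:80           63.240.230.5:41022      SYN_RECV
tcp        0      0 192.0.2.10:80           63.240.230.5:41023      SYN_RECV
tcp        0      0 192.0.2.10:80           63.240.230.5:41027      SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.7:52110       SYN_RECV
tcp        0      0 192.0.2.10:22           198.51.100.4:50514      ESTABLISHED
tcp6       0      0 ::ffff:192.0.2.10:80    ::ffff:63.240.230.5:41030 SYN_RECV
EOF
}

# Prints "<count> <address>" per source, highest count first.
sample_netstat | syn_recv_by_source
```

On a live host the same function is fed with `netstat -ant | syn_recv_by_source`.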


