Hi Jim,
On 28/02/2015 20:46, Jim Whitby wrote:
Since install this version, I'm seeing a *lot* of these errors, are they for
real or is something else going on?
Feb 27 21:23:01 number1.jameswhitby.net ntopng[943]: 1425090181|2|0|Host <A
HREF=/lua/host_details.lua?host=127.0.0.1&ifname=lo>127.0.0.1</A> is a SYN
flooder [395 SYNs sent in the last 3 sec] TCP 127.0.0.1:33981 > 127.0.0.1:3000
[proto: 0/Unknown][1/0 pkts][74/0 bytes]
Feb 27 21:23:01 number1.jameswhitby.net ntopng[943]: 1425090181|2|0|Host <A
HREF=/lua/host_details.lua?host=127.0.0.1&ifname=lo>127.0.0.1</A> is under SYN
flood attack [395 SYNs received in the last 3 sec] TCP 127.0.0.1:33981 >
127.0.0.1:3000 [proto: 0/Unknown][1/0 pkts][74/0 bytes]
Feb 27 21:23:48 number1.jameswhitby.net ntopng[943]: 1425090228|2|0|Host <A
HREF=/lua/host_details.lua?host=192.168.10.21&ifname=enp6s0>192.168.10.21</A> is
a SYN flooder [100 SYNs sent in the last 3 sec] TCP 192.168.10.21:38741 >
93.171.243.21:14089 [proto: 0/Unknown][3/0 pkts][222/0 bytes]
These seem like alerts that ntopng is writing in your log. Are you seeing alerts
for hosts that you know not to be flooders?
Thanks,
Arianna
_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
--
/*
* Arianna Avanzini
* [email protected]
* http://ava.webhop.me
*/
_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
