| DDOS (maybe) over port 80 [message #144068] |
Sun, 30 September 2018 00:26  |
 |
bigmountain
Messages: 64
Registered: April 2006
|
|
|
|
Has anyone been experiencing a DDOS attack over port 80 in the past few days? I am seeing several IPs and in one case an entire class C block of addresses attempt to connect to most of the IPs on our network via port 80 TCP. I do not see any activity from these IP when I go to the individual host, so I have to assume that Control is dropping the connections. However, sometimes I see the connections dropping on their own and other times they do not seem to drop and I have to manually block the IP and/or IP range. When these attacks are happening, http service freezes up on most of the hosts behind the firewall and at times, may disrupt standard smtp over port 25. It does not affect https, imap(s), dns, etc. just http and sometimes smtp. Even stranger, when these attacks happen, they are not connecting via smtp at all. So, I do not know why smtp get blocked for some hosts when the http attack occurs. Last, I do have connection limits set near the Kerio defaults and it does not seem that the connection limits are being met as they are not logged in the warning log and I am not receiving alerts indicating this. Has anyone encountered this? I do have a ticket in with GFI with all of the details, but am wondering if maybe there is something wrong with the latest antivirus or intrusion prevention update that introduced a bug that is preventing Control from properly handling these http requests?
Preferred Kerio Partner and Cloud Solutions Provider - Offering both shared and dedicated Kerio Connect hosting solutions.
Visit us at http://bigmountainmail.com
|
|
|
|
Members
Search
Help
Register
Login
Home
