Search Results

Search found 93 results on 4 pages for 'flooding'.

Page 1/4 | 1 2 3 4  | Next Page >

  • Why does ping flooding a domain name freezes and not a direct ip address

    - by CYREX
    I am wondering why, when ping flooding a domain, the ping flood freezes after a couple of seconds then continues and this freeze, unfreeze continues until i stop the ping flood. When i do the same using the ip it does not freeze. NEVER. i did for example sudo ping -f IP (It does not freeze) then i did sudo ping -f DomainName (It freezes after a couple of seconds) Why does ping flooding an IP not freezes and ping flooding the same place using the domain name does freeze. EDIT - What i mean about freezing is that the behavior of the ping flood should send a ping and create a dot (.) for each ping but also remove each dot (.) after receiving the echo request. Looks something like this: .......... <-- This means you just send 10 ping requests. If the requests are answer, for each request answer a dot is removed. The freeze happens when this is sending or receiving. The dots will stay there frozen, like is not receiving or sending any packets. For the PING FLOOD. I do not mean in the evil way of flooding a place, i mean in the testing way. To test the performance/speed of the request send and answered of the ping requests. If you send a ping flood to google's IP for about 10 seconds you would have send about 1000 packets.but if you do it to google's domain name (google.com) it will create the freeze am talking about. IMPORTANT - Do not confuse with flooding a site with ping of death attacks.

    Read the article

  • "Possible SYN flooding" in log despite low number of SYN_RECV connections

    - by al4
    Recently we had an apache server which was responding very slowly due to SYN flooding. The workaround for this was to enable tcp_syncookies (net.ipv4.tcp_syncookies=1 in /etc/sysctl.conf). I posted a question about this here if you want more background. After enabling syncookies we started seeing the following message in /var/log/messages approximately every 60 seconds: [84440.731929] possible SYN flooding on port 80. Sending cookies. Vinko Vrsalovic informed me that this means the syn backlog is getting full, so I raised tcp_max_syn_backlog to 4096. At some point I also lowered tcp_synack_retries to 3 (down from the default of 5) by issuing sysctl -w net.ipv4.tcp_synack_retries=3. After doing this, the frequency seemed to drop, with the interval of the messages varying between roughly 60 and 180 seconds. Next I issued sysctl -w net.ipv4.tcp_max_syn_backlog=65536, but am still getting the message in the log. Throughout all this I've been watching the number of connections in SYN_RECV state (by running watch --interval=5 'netstat -tuna |grep "SYN_RECV"|wc -l'), and it never goes higher than about 240, much much lower than the size of the backlog. Yet I have a Red Hat server which hovers around 512 (limit on this server is the default of 1024). Are there any other tcp settings which would limit the size of the backlog or am I barking up the wrong tree? Should the number of SYN_RECV connections in netstat -tuna correlate to the size of the backlog? Update As best I can tell I'm dealing with legitimate connections here, netstat -tuna|wc -l hovers around 5000. I've been researching this today and found this post from a last.fm employee, which has been rather useful. I've also discovered that the tcp_max_syn_backlog has no effect when syncookies are enabled (as per this link) So as a next step I set the following in sysctl.conf: net.ipv4.tcp_syn_retries = 3 # default=5 net.ipv4.tcp_synack_retries = 3 # default=5 net.ipv4.tcp_max_syn_backlog = 65536 # default=1024 net.core.wmem_max = 8388608 # default=124928 net.core.rmem_max = 8388608 # default=131071 net.core.somaxconn = 512 # default = 128 net.core.optmem_max = 81920 # default = 20480 I then setup my response time test, ran sysctl -p and disabled syncookies by sysctl -w net.ipv4.tcp_syncookies=0. After doing this the number of connections in the SYN_RECV state still remained around 220-250, but connections were starting to delay again. Once I noticed these delays I re-enabled syncookies and the delays stopped. I believe what I was seeing was still an improvement from the initial state, however some requests were still delayed which is much worse than having syncookies enabled. So it looks like I'm stuck with them enabled until we can get some more servers online to cope with the load. Even then, I'm not sure I see a valid reason to disable them again as they're only sent (apparently) when the server's buffers get full. But the syn backlog doesn't appear to be full with only ~250 connections in the SYN_RECV state! Is it possible that the SYN flooding message is a red herring and it's something other than the syn_backlog that's filling up? If anyone has any other tuning options I haven't tried yet I'd be more than happy to try them out, but I'm starting to wonder if the syn_backlog setting isn't being applied properly for some reason.

    Read the article

  • HP network discovery service flooding network with SLP / SRVLOC requests

    - by Chipmunk
    I am having trouble with "HP Network discovery service" which I think is responsible for flooding my network with SLP/SRVLOC requests. This has happened on multiple occasions on different devices where some HP printer software installed. Have I misconfigured something in my network that causes this? Or is the HP service at fault? The destination address (224.0.1.60) and SLP confirm that it is a HP service that is doing this. Also the service url in the packets read: "service:x-hpnp-discover:" further confirms this. Why is this happening? I doubt HP would release faulty software like this? So this leaves me thinking that maybe some settings on the HP Procurves are not set up properly? Comments and suggestions welcome, thank you. Kind regards, Chris

    Read the article

  • GET /wpad.dat entries flooding my access_log

    - by Aas
    I have a small LAN of some 30 users in it with proxy auto configuration enabled and working. Two of them are requesting wpad.dat file too rapidly at a pace of 30 times per second. 10.1.14.246 - - [02/Jun/2014:09:07:18 +0200] "GET /wpad.dat HTTP/1.1" 302 302 10.1.14.141 - - [02/Jun/2014:09:07:18 +0200] "GET /wpad.dat HTTP/1.1" 302 302 I don't know whether this is a problem from performance perspective, (the server is powerful enough to handle this) but the problem is it clogs up the access_log file. It grows about 1GB per week. Clients run Win7Pro. What could cause this behavior? What can be done to stop it? I have shortened log rotate window as a temporary workaround to prevent /var fill up. Thanks beforehand for your support.

    Read the article

  • UDP flooding multiple servers

    - by Chris Gurney
    What do you suggest? Being UDP flooded as I write to multiple servers in different data centers in 5 different countries . Up to 250,000 packets a second. I believe Cisco routers 5505 would not handle that - (some of our datacenter hosters can offer them. Some have no firewalls to offer.) Our clients naturally have constant disconnects to the server they are on. Hacker started this about three weeks ago. Sometimes for a few hours - up to a few days. If we can't stop it hitting the server with firewalls then how do we stop the hacker - now there is the challenge! Update : Found some of the data centers offer up to 10 firewall rules but would their routers be able to handle the possible volume I am talking about? Thanks Chris

    Read the article

  • How does ospf control flooding?

    - by iamrohitbanga
    What method is used by ospf protocol to prevent looping of flooded packets for link state advertisements? The packet header does not contain any timestamp. How do the routers recognize that it is the same advertisement that they sent before?

    Read the article

  • how does ospf control flooding?

    - by iamrohitbanga
    what method is used by ospf protocol to prevent looping of flooded packets for link state advertisements? The packet header does not contain any timestamp. How do the routers recognize that it is the same advertisement that they sent before?

    Read the article

  • Ping flood attack every 5 seconds

    - by Mario
    My router's log, which is a D-Link DIR-600, shows 40 pages (and updating) of entries like: Nov 19 11:17:08 PING-FLOODING flooding attack from WAN (ip:85.250.85.11) detected. Nov 19 11:17:02 PING-FLOODING flooding attack from WAN (ip:85.131.129.176) detected. Nov 19 11:16:57 PING-FLOODING flooding attack from WAN (ip:122.107.244.152) detected. Nov 19 11:16:50 PING-FLOODING flooding attack from WAN (ip:88.103.8.96) detected. Nov 19 11:16:46 PING-FLOODING flooding attack from WAN (ip:212.142.91.106) detected. Nov 19 11:16:38 PING-FLOODING flooding attack from WAN (ip:184.170.6.63) detected. Nov 19 11:16:34 PING-FLOODING flooding attack from WAN (ip:1.239.96.192) detected. Nov 19 11:16:26 PING-FLOODING flooding attack from WAN (ip:120.29.76.184) detected. Nov 19 11:16:20 PING-FLOODING flooding attack from WAN (ip:110.77.137.228) detected. Nov 19 11:16:15 PING-FLOODING flooding attack from WAN (ip:201.141.51.210) detected. What should I do? ICMP is disabled (router does not respond to WAN pings).

    Read the article

  • Supercharge Your Website and See Traffic Flooding at Your Door

    Thanks to your tips and tactics, my website is supercharged and I have more visitors than I can handle (of course he is able to handle), exclaimed my friend when I entered his home for the super success party that he threw. It was not long ago when after losing his job to the economic meltdown, he started an online business. Since he was still under the influence of stress, he wanted to give it all up, because initially his website remained almost obsolete.

    Read the article

  • possible SYN flooding on port 80. Sending cookies

    - by Sparsh Gupta
    I recently had a server downtime. I looked everywhere and the only thing I found in my log files is: Feb 17 18:58:04 localhost kernel: possible SYN flooding on port 80. Sending cookies. Feb 17 18:59:33 localhost kernel: possible SYN flooding on port 80. Sending cookies. Can someone give me more information about it. WHat is it, How can I debug the cause and how can I fix the same. I also posted ipconntrack suddenly became toooo large which has another data point I found unusual, wondering if the two things is connected as they occured exactly at the same time but at different servers. One at reverse proxy and other at actual backend Varnish server) Thanks

    Read the article

  • Switch flooding when bonding interfaces in Linux

    - by John Philips
    +--------+ | Host A | +----+---+ | eth0 (AA:AA:AA:AA:AA:AA) | | +----+-----+ | Switch 1 | (layer2/3) +----+-----+ | +----+-----+ | Switch 2 | +----+-----+ | +----------+----------+ +-------------------------+ Switch 3 +-------------------------+ | +----+-----------+----+ | | | | | | | | | | eth0 (B0:B0:B0:B0:B0:B0) | | eth4 (B4:B4:B4:B4:B4:B4) | | +----+-----------+----+ | | | Host B | | | +----+-----------+----+ | | eth1 (B1:B1:B1:B1:B1:B1) | | eth5 (B5:B5:B5:B5:B5:B5) | | | | | | | | | +------------------------------+ +------------------------------+ Topology overview Host A has a single NIC. Host B has four NICs which are bonded using the balance-alb mode. Both hosts run RHEL 6.0, and both are on the same IPv4 subnet. Traffic analysis Host A is sending data to Host B using some SQL database application. Traffic from Host A to Host B: The source int/MAC is eth0/AA:AA:AA:AA:AA:AA, the destination int/MAC is eth5/B5:B5:B5:B5:B5:B5. Traffic from Host B to Host A: The source int/MAC is eth0/B0:B0:B0:B0:B0:B0, the destination int/MAC is eth0/AA:AA:AA:AA:AA:AA. Once the TCP connection has been established, Host B sends no further frames out eth5. The MAC address of eth5 expires from the bridge tables of both Switch 1 & Switch 2. Switch 1 continues to receive frames from Host A which are destined for B5:B5:B5:B5:B5:B5. Because Switch 1 and Switch 2 no longer have bridge table entries for B5:B5:B5:B5:B5:B5, they flood the frames out all ports on the same VLAN (except for the one it came in on, of course). Reproduce If you ping Host B from a workstation which is connected to either Switch 1 or 2, B5:B5:B5:B5:B5:B5 re-enters the bridge tables and the flooding stops. After five minutes (the default bridge table timeout), flooding resumes. Question It is clear that on Host B, frames arrive on eth5 and exit out eth0. This seems ok as that's what the Linux bonding algorithm is designed to do - balance incoming and outgoing traffic. But since the switch stops receiving frames with the source MAC of eth5, it gets timed out of the bridge table, resulting in flooding. Is this normal? Why aren't any more frames originating from eth5? Is it because there is simply no other traffic going on (the only connection is a single large data transfer from Host A)? I've researched this for a long time and haven't found an answer. Documentation states that no switch changes are necessary when using mode 6 of the Linux interface bonding (balance-alb). Is this behavior occurring because Host B doesn't send any further packets out of eth5, whereas in normal circumstances it's expected that it would? One solution is to setup a cron job which pings Host B to keep the bridge table entries from timing out, but that seems like a dirty hack.

    Read the article

  • Deactivate SYN flooding mechanism

    - by mlaug
    I am running a server that is running a service on port 59380. There are more than 1000 machines out there connecting to that service. Once I need to restart the service all those machines are connecting at the same time. That made some trouble as I have seen that log entry in kern.log TCP: Possible SYN flooding on port 59380. *Sending cookies*. Check SNMP counters. So I changed sysctl net.ipv4.tcp_syncookies to 0 because the endpoints to not handle tcp syn cookies correctly. Finally I restarted my network to get the changes in production Next time I had to restart the service, the following message was logged TCP: Possible SYN flooding on port 59380. *Dropping request*. Check SNMP counters. How can I prevent the system for doing such actions? All necessary counter measures are done by iptables...

    Read the article

  • SYN flooding still a threat to servers?

    - by Rob
    Well recently I've been reading about different Denial of Service methods. One method that kind of stuck out was SYN flooding. I'm a member of some not-so-nice forums, and someone was selling a python script that would DoS a server using SYN packets with a spoofed IP address. However, if you sent a SYN packet to a server, with a spoofed IP address, the target server would return the SYN/ACK packet to the host that was spoofed. In which case, wouldn't the spoofed host return an RST packet, thus negating the 75 second long-wait, and ultimately failing in its attempt to DoS the server?

    Read the article

  • Is SYN flooding still a threat?

    - by Rob
    Well recently I've been reading about different Denial of Service methods. One method that kind of stuck out was SYN flooding. I'm a member of some not-so-nice forums, and someone was selling a python script that would DoS a server using SYN packets with a spoofed IP address. However, if you sent a SYN packet to a server, with a spoofed IP address, the target server would return the SYN/ACK packet to the host that was spoofed. In which case, wouldn't the spoofed host return an RST packet, thus negating the 75 second long-wait, and ultimately failing in its attempt to DoS the server?

    Read the article

  • Ping Flooding in router log

    - by Freeman
    I've had recently a period of repeated disconnections from my router with connection problems. I checked my router log I found several Ping Flooding entries all originating from the IP 69.171.227.232 which turned out to be one of Facebook IPs! I'm wondering what does that means? Can Facebook chat cause such a condition? My router is DLink dir 600 and the condition that devices were disconnected from router, not router from internet.. Connection is WAN And how to solve this router problem?? My wifi clients were about 3-5 at that time..

    Read the article

  • Disable error_log. Error_log flooding

    - by user36646
    Hello, i got an webserver running and old version of gambio (xt:commerce fork). The error_log in the dir over the public_html is flooding with errors. About 30mb in 15min. How can I disable this log? I can't fix all the errors. Here are a few examples of the errors: [warn] mod_fcgid: stderr: PHP Notice: Undefined variable: key in /usr/www/users/foo//includes/classes/class.inputfilter.php on line 98 [warn] mod_fcgid: stderr: PHP Notice: Undefined index: in /usr/www/users/foo/templ [warn] mod_fcgid: stderr: in /usr/www/users/foo/templates/gambio/source/inc/xtc_show_category_sectionc.inc.php on line 47 They are all errors of: "mod_fcgid: stderr". I tried to grep "error_log" and "error_report" in the public html dir, but i did not find anything. Here is a part from the phpinfo(): PHP Version 4.4.9 System Linux foobar.com 2.6.26-2-686-bigmem #1 SMP Sat Dec 26 09:26:36 UTC 2009 i686 Build Date Feb 11 2010 13:00:33 Configure Command './configure' '--prefix=/usr/local/php4' '--with-config-file-path=/etc/php4/cgi' '--with-gd' '--with-jpeg-dir' '--with-png-dir' '--with-tiff-dir' '--with-ttf' '--enable-force-cgi-redirect' '--enable-safe-mode' '--with-zlib' '--enable-ftp' '--enable-url-includes' '--enable-gd-native-ttf' '--enable-trans-sid' '--enable-dbase' '--with-db4' '--with-ldap' '--enable-bcmath' '--enable-calendar' '--enable-memory-limit' '--with-mcal=/usr' '--with-bz2' '--with-mod-dav' '--enable-sockets' '--with-kerberos' '--with-imap-ssl' '--enable-gd-imgstrttf' '--with-freetype-dir' '--with-curl' '--with-mysql' '--with-mhash' '--with-gdbm' '--with-pgsql' '--with-gettext' '--with-xml' '--with-mcrypt' '--with-openssl' '--with-dom' '--without-pear' '--enable-exif' '--with-zip' '--enable-wddx' '--disable-cli' '--enable-fastcgi' '--with-imap' '--enable-xslt' '--with-xslt-sablot=/usr/local/lib' '--enable-mbstring' '--with-dom-xslt' '--with-dom-exslt' Server API CGI/FastCGI Virtual Directory Support disabled Configuration File (php.ini) Path /home/httpd/php-ini/foo/php.ini PHP API 20020918 PHP Extension 20020429 Zend Extension 20050606 Debug Build no Zend Memory Manager enabled Thread Safety disabled Registered PHP Streams php, http, ftp, https, ftps, compress.bzip2, compress.zlib **Configuration PHP Core** Directive Local Value Master Value allow_call_time_pass_reference On On allow_url_fopen Off Off always_populate_raw_post_data Off Off arg_separator.input & & arg_separator.output & & asp_tags Off Off auto_append_file no value no value auto_prepend_file no value no value browscap no value no value default_charset no value no value default_mimetype text/html text/html define_syslog_variables Off Off disable_classes no value no value disable_functions no value no value display_errors On On display_startup_errors Off Off doc_root no value no value docref_ext no value no value docref_root no value no value enable_dl On On error_append_string no value no value error_log no value no value error_prepend_string no value no value error_reporting 2039 2039 expose_php On On extension_dir /usr/local/php4/lib/php/extensions/no-debug-non-zts-20020429 /usr/local/php4/lib/php/extensions/no-debug-non-zts-20020429 file_uploads On On gpc_order GPC GPC highlight.bg #FFFFFF #FFFFFF highlight.comment #FF8000 #FF8000 highlight.default #0000BB #0000BB highlight.html #000000 #000000 highlight.keyword #007700 #007700 highlight.string #DD0000 #DD0000 html_errors On On ignore_repeated_errors Off Off ignore_repeated_source Off Off ignore_user_abort Off Off implicit_flush Off Off include_path .:/usr/local/lib/php/ .:/usr/local/lib/php/ log_errors Off Off log_errors_max_len 1024 1024 magic_quotes_gpc On On magic_quotes_runtime Off Off magic_quotes_sybase Off Off max_execution_time 120 120 max_input_nesting_level 500 500 max_input_time -1 -1 memory_limit 128000000 128000000 open_basedir /usr/www/users/foo:/usr/home/foo:/tmp:/usr/local/lib/php:/usr/local/rmagic:/usr/www/users/he/_system_ /usr/www/users/foo:/usr/home/foo:/tmp:/usr/local/lib/php:/usr/local/rmagic:/usr/www/users/he/_system_ output_buffering no value no value output_handler no value no value post_max_size 128000000 128000000 precision 14 14 register_argc_argv On On register_globals Off Off report_memleaks On On safe_mode Off Off safe_mode_exec_dir no value no value safe_mode_gid Off Off safe_mode_include_dir no value no value sendmail_from no value no value sendmail_path /usr/sbin/sendmail -t /usr/sbin/sendmail -t serialize_precision 100 100 short_open_tag On On SMTP localhost localhost smtp_port 25 25 sql.safe_mode Off Off track_errors Off Off unserialize_callback_func no value no value upload_max_filesize 128000000 128000000 upload_tmp_dir /usr/foo/foo/.tmp /usr/foo/.tmp user_dir no value no value variables_order EGPCS EGPCS xmlrpc_error_number 0 0 xmlrpc_errors Off Off y2k_compliance Off Off

    Read the article

  • serving mp3s to mobile devices is flooding nginx with partial requests

    - by drumfire
    I am serving mp3s with a minimalistic nginx server. What I see in my log files is that there are a lot of requests, in particular from AppleCoreMedia and sometimes Android useragents, that flood the server with short requests. Sometimes they keep requesting to download the same partial content for a very long time; sometimes more than an hour. For example: "GET /somefile.mp3 HTTP/1.1" 206 33041 "AppleCoreMedia/1.0.0.9B206 (iPhone; U; CPU OS 5_1_1 like Mac OS X; en_us)" "GET /somefile.mp3 HTTP/1.1" 206 33041 "AppleCoreMedia/1.0.0.9B206 (iPhone; U; CPU OS 5_1_1 like Mac OS X; en_us)" "GET /somefile.mp3 HTTP/1.1" 206 33041 "AppleCoreMedia/1.0.0.9B206 (iPhone; U; CPU OS 5_1_1 like Mac OS X; en_us)" [...] I also get a lot, but not as much, of these: "-" 400 0 "-" "-" 400 0 "-" The IP addresses are always from clients that start downloading shortly after that request, usually they have roughly the same UserAgent as in the first example. emphasized text I have enabled server throttling and connection limits in nginx to limit the huge amount of log entries from equivalent IPs at least somewhat. There was a performance issue when I saw the same behaviour on the previous server that used Apache. I installed nginx on a better server then moved the site. When Apache could not handle more connections from the increasing number of clients effectively that server was ddossed. There was no bandwidth issue with already connected clients and I don't know if the already connected clients were using more than one connection at a time. Please tell me: Are clients that appear to get stuck on a download a Bad Thing™ I heard people say their mobile bandwidth use was much higher than they could account for. I'm thinking this type of client behaviour can account for that. And costs us more bandwidth too. Which up to date alternatives exist out there that can handle serving this type of data better than plain HTTP? Useful general insights for someone who just came into this field straight out of the late 90s. :-)

    Read the article

  • SYN flooding still a threat to servers?

    - by Rob
    Well recently I've been reading about different Denial of Service methods. One method that kind of stuck out was SYN flooding. I'm a member of some not-so-nice forums, and someone was selling a python script that would DoS a server using SYN packets with a spoofed IP address. However, if you sent a SYN packet to a server, with a spoofed IP address, the target server would return the SYN/ACK packet to the host that was spoofed. In which case, wouldn't the spoofed host return an RST packet, thus negating the 75 second long-wait, and ultimately failing in its attempt to DoS the server?

    Read the article

  • How to disable Hibernate flooding logs

    - by Warlei
    Hibernate is flooding my IDE console with tons of unnecessary informations at every connection. I already read out the documentation and googled trying to solve this issue but till now the problem "persists". My persistence.xml: ... ... My log4j.xml: ... ... I have no other log4j configuration in my project and even in my environment. Anyone there figured out how to disable the Hibernate console logs? Maybe has something I didn´t understand? I'm using Hibernate 3.5, Tomcat 6.0 and Eclipse 3.3. Thanks in advance.

    Read the article

  • Java Socket Connection is flooding network OR resulting in high ping

    - by user1461100
    i have a little problem with my java socket code. I'm writing an android client application which is sending data to a java multithreaded socket server on my pc through direct(!) wireless connection. It works fine but i want to improve it for mobile applications as it is very power consuming by now. When i remove two special lines in my code, the cpu usage of my mobile device (htc one x) is totally okay but then my connection seems to have high ping rates or something like that... Here is a server code snippet where i receive the clients data: while(true) { try { .... Object obj = in.readObject(); if(obj != null) { Class clazz = obj.getClass(); String className = clazz.getName(); if(className.equals("java.lang.String")) { String cmd = (String)obj; if(cmd.equals("dc")) { System.out.println("Client "+id+" disconnected!"); Server.connectedClients[id-1] = false; break; } if(cmd.substring(0,1).equals("!")) { robot.keyRelease(PlayerEnum.getKey(cmd,id)); } else { robot.keyPress(PlayerEnum.getKey(cmd,id)); } } } } catch .... Heres the client part, where i send my data in a while loop: private void networking() { try { if(client != null) { .... out.writeObject(sendQueue.poll()); .... } } catch .... when i write it this why, i send data everytime the while loop gets executed.. when sendQueue is empty, a null "Object" will be send. this results in "high" network traffic and in "high" cpu usage. BUT: all send comments are received nearly immediately. when i change the code to following: while(true) ... if(sendQueue.peek() != null) { out.writeObject(sendQueue.poll()); } ... the cpu usage is totally okay but i'm getting some laggs.. the commands do not arrive fast enough.. as i said, it works fine (besides cpu usage) if i'm sending data(with that null objects) every while execution. but i'm sure that this is very rough coding style because i'm kind of flooding the network. any hints? what am i doing wrong?? Thanks for your Help! Sincerly yours, maaft

    Read the article

  • Logout exception flooding elmah

    - by durilai
    I am using ASP.NET membership, and in particular a copy of the membership code included in the MVC project. I am also using elmah to log exceptions. I am getting flooded with the following when people sign out. System.Web.HttpException: Server cannot set status after HTTP headers have been sent. Here is the stack trace sent System.Web.HttpException: Server cannot set status after HTTP headers have been sent. at System.Web.HttpResponse.set_StatusCode(Int32 value) at System.Web.HttpResponseWrapper.set_StatusCode(Int32 value) at System.Web.Mvc.HandleErrorAttribute.OnException(ExceptionContext filterContext) at System.Web.Mvc.ControllerActionInvoker.InvokeExceptionFilters(ControllerContext controllerContext, IList`1 filters, Exception exception) at System.Web.Mvc.ControllerActionInvoker.InvokeAction(ControllerContext controllerContext, String actionName) at System.Web.Mvc.Controller.ExecuteCore() at System.Web.Mvc.ControllerBase.Execute(RequestContext requestContext) at System.Web.Mvc.ControllerBase.System.Web.Mvc.IController.Execute(RequestContext requestContext) at System.Web.Mvc.MvcHandler.<>c__DisplayClass8.<BeginProcessRequest>b__4() at System.Web.Mvc.Async.AsyncResultWrapper.<>c__DisplayClass1.<MakeVoidDelegate>b__0() at System.Web.Mvc.Async.AsyncResultWrapper.<>c__DisplayClass8`1.<BeginSynchronous>b__7(IAsyncResult _) at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncResult`1.End() at System.Web.Mvc.MvcHandler.EndProcessRequest(IAsyncResult asyncResult) at System.Web.Mvc.MvcHandler.System.Web.IHttpAsyncHandler.EndProcessRequest(IAsyncResult result) at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) I cannot seem to find any reason for this. It is not causing an issue for end users, but would still like to resolve/learn about it. Thanks for any help or guidance.

    Read the article

  • Stange stream of HTTP GET requests in apache logs, from amazon ec2 instances

    - by Alexandre Boeglin
    I just had a look at my apache logs, and I see a lot of very similar requests: GET / HTTP/1.1 User-Agent: curl/7.24.0 (i386-redhat-linux-gnu) libcurl/7.24.0 \ NSS/3.13.5.0 zlib/1.2.5 libidn/1.18 libssh2/1.2.2 Host: [my_domain].org Accept: */* there's a steady stream of those, about 2 or 3 per minute; they all request the same domain and resource (there are slight variations in user agent version numbers); they come form a lot of different IPv4 and IPv6 addresses, in blocs that belong to amazon ec2 (in Singapore, Japan, Ireland and the USA). I tried to look for an explanation online, or even just similar stories, but couldn't find any. Has anyone got a clue as to what this is? It doesn't look malicious per say, but it's just annoying me, and I couldn't find any more information about it. I first suspected it could be a bot checking if my server is still up, but: I don't remember subscribing to such a service; why would it need to check my site twice every minute; why doesn't it use a clearly identifying fqdn. Or, should I send this question to amazon, via their abuse contact? Thanks!

    Read the article

  • Protect me from this perl syn flood script [closed]

    - by Luka
    Possible Duplicate: How to best defend against a “slowloris” DOS attack against an Apache web server? As everybody here I was interested in hacking in a period of time, using a perl scripts. CSF is protecting me from every perl script which can make damage. But not from this one here: http://pastebin.com/CfRiSVkQ It's Syn Flood script, when I attack my dedicated server from another dedicated with 100MBPS link csf is detecting the attack and he always block attackers address but I am flooded and sites are down, I get email from csf, but attack is still damaging sites! Then I need to restart httpd, csf and sites are online again...

    Read the article

  • outgoing DNS flood targeted to non-ISP hosts

    - by radudani
    Below is the specific traffic monitored at the network perimeter and originating from a user PC on Vista platform; my question is not about the effects of the flood, but about the nature of the source of it; is this a kind of known infection, or just an application went out of control? a standard NOD32 scan didn't find anything, as the user told me; Thank you for any hint, Danny 14:40:10.115876 IP 192.168.7.42.4122 67.228.0.181.53: S 2742536765:2742536765(0) win 16384 14:40:10.115943 IP 192.168.7.42.4124 67.228.181.207.53: S 3071079888:3071079888(0) win 16384 14:40:10.116015 IP 192.168.7.42.4126 67.228.0.181.53: S 3445199428:3445199428(0) win 16384 14:40:10.116086 IP 192.168.7.42.4128 67.228.181.207.53: S 2053198691:2053198691(0) win 16384 14:40:10.116154 IP 192.168.7.42.4130 67.228.0.181.53: S 2841660872:2841660872(0) win 16384 14:40:10.116222 IP 192.168.7.42.4132 67.228.181.207.53: S 3150822465:3150822465(0) win 16384 14:40:10.116290 IP 192.168.7.42.4134 67.228.0.181.53: S 1692515021:1692515021(0) win 16384 14:40:10.116358 IP 192.168.7.42.4136 67.228.181.207.53: S 3358275919:3358275919(0) win 16384 14:40:10.116430 IP 192.168.7.42.4138 67.228.0.181.53: S 930184999:930184999(0) win 16384 14:40:10.116498 IP 192.168.7.42.4140 67.228.181.207.53: S 1504984630:1504984630(0) win 16384 14:40:10.116566 IP 192.168.7.42.4142 67.228.0.181.53: S 546074424:546074424(0) win 16384 14:40:10.116634 IP 192.168.7.42.4144 67.228.181.207.53: S 4241828590:4241828590(0) win 16384 14:40:10.116702 IP 192.168.7.42.4146 67.228.0.181.53: S 668634627:668634627(0) win 16384 14:40:10.116769 IP 192.168.7.42.4148 67.228.181.207.53: S 3768119461:3768119461(0) win 16384 14:40:10.117360 IP 192.168.7.42.4111 67.228.0.181.53: 12676 op8 Resp12*- [2128q][|domain] 14:40:10.117932 IP 192.168.7.42.4112 67.228.181.207.53: 44190 op7 NotAuth*|$ [29103q],[|domain] 14:40:10.118726 IP 192.168.7.42.4113 67.228.0.181.53: 49196 inv_q [b2&3=0xeea] [64081q] [28317a] [43054n] [23433au] Type63482 (Class 5889)? M-_^OSM-JM-m^_M-i.[|domain] 14:40:10.119934 IP 192.168.7.42.4114 67.228.181.207.53: 48131 updateMA Resp12$ [43850q],[|domain] 14:40:10.121164 IP 192.168.7.42.4115 67.228.0.181.53: 46330 updateM% [b2&3=0x665b] [23691a] [998q] [32406n] [11452au][|domain] 14:40:10.121866 IP 192.168.7.42.4116 67.228.181.207.53: 34425 op7 YXRRSet* [39927q][|domain] 14:40:10.123107 IP 192.168.7.42.4117 67.228.0.181.53: 56536 notify+ [b2&3=0x27e6] [59761a] [23005q] [33341n] [29705au][|domain] 14:40:10.123961 IP 192.168.7.42.4118 67.228.181.207.53: 19323 stat% [b2&3=0x14bb] [32491a] [41925q] [2038n] [5857au][|domain] 14:40:10.132499 IP 192.168.7.42.4119 67.228.0.181.53: 50432 updateMA+ [b2&3=0x6bc2] [10733a] [9775q] [46984n] [15261au][|domain] 14:40:10.133394 IP 192.168.7.42.4120 67.228.181.207.53: 2171 notify Refused$ [26027q][|domain] 14:40:10.134421 IP 192.168.7.42.4121 67.228.0.181.53: 25802 updateM NXDomain*-$ [28641q][|domain] 14:40:10.135392 IP 192.168.7.42.4122 67.228.181.207.53: 2073 updateMA+ [b2&3=0x6d0b] [43177a] [54332q] [17736n] [43636au][|domain] 14:40:10.136638 IP 192.168.7.42.4123 67.228.0.181.53: 15346 updateD+% [b2&3=0x577a] [61686a] [19106q] [15824n] [37833au] Type28590 (Class 64856)? [|domain] 14:40:10.137265 IP 192.168.7.42.4124 67.228.181.207.53: 60761 update+ [b2&3=0x2b66] [43293a] [53922q] [23115n] [11349au][|domain] 14:40:10.148122 IP 192.168.7.42.4125 67.228.0.181.53: 3418 op3% [b2&3=0x1a92] [51107a] [60368q] [47777n] [56081au][|domain]

    Read the article

  • iptables rules for botnet (UDP flood) protection

    - by Petar Simeonov
    I'm currently experiencing a massive UDP attack on my server. I host a couple of gameservers, mainly Tf2, CS:GO, CS 1.6 and CS:Source, and my 1.6 server is being flooded. I tried different rules in iptables, but none of them seemed to work. I'm on a 100mbps bandwidth tariff, but the flood i receive is 500+mbps. This is the log of the latest tcpdump - http://pastebin.com/HSgFVeBs Packet length varies throughout the day. Only my gameserver ports are being flooded - 27015, 27016, 27018 via UDP packets. Are there any iptables rules, that might prevent this?

    Read the article

1 2 3 4  | Next Page >