I've searched the forums on this and didn't really find anything, so I thought I'd throw this out to the community at large.
First off, I'm new to Astaro, having been an IPCop user for years and finally outgrown what it can really do. I have a couple of web servers running various sites, and one of them has been under a SYN Flood attack for several days (one reason I am moving away from IPCop is it doesn't deal well with these types of attacks). In my research it seemed that Astaro did.
I've turned on the TCP SYN Flood Protection on the IPS screen, on the source address, with limited logging and 10 packets per second on the source. When I look at the live IPS log, I'm getting 5-10 packets from different IPs, but reportedly from the same src mac address. I've told the IPS setup to drop the packets silently, as well.
I simply can't connect reliably to the site being attacked. I have three or four other sites with different private IP addresses that are blazing fast (compared to when they were behind IPCop), all on the same physical web server as well (I'm using Apache virtual name hosts).
Am I missing something that should be configured in my packet filters, or were my expectations too high for what this can do?
This thread was automatically locked due to age.
