How to drop existing connections?

xserverx
Hello

I have a DDoS attack on my server from a few IPs, but those IPs make too many connections to my Apache.
Once I have blocked the IP with iptables, the current connections from the same IP still exist for a specific time; they are not dropped immediately.
Is there any tool, script or command that can help to drop all connections to Apache from the blocked IP immediately?
Hello,
If you type:
netstat -apn | grep EST
which shows established connections, you will probably see a lot of lines like this (only an example):
tcp        0      0 ::ffff:192.168.1.3:80       ::ffff:xxx.yyy.zzz.www:10191    ESTABLISHED 6471/httpd
where xxx.yyy.zzz.www is the remote address that is accessing your web server. This is because persistent connections are allowed in your Apache configuration. To disallow persistent connections, you should change the following line in your httpd.conf file:
KeepAlive On
to
KeepAlive Off
Now you shouldn't see these addresses in the output of netstat.
You might also keep KeepAlive on for performance reasons and experiment with two other values in httpd.conf. To set the number of persistent connections to 5, you should modify the line in httpd.conf to look like:
MaxKeepAliveRequests 5
You can also set the timeout for those connections by adding the line (for 20 seconds):
KeepAliveTimeout 20
Do not forget to restart the httpd service after every change, as it needs a restart to re-read the config file.

Author

Commented:
Hello
Thank you for the reply.
I have done what you said, but I have the same problem.
This is what netstat -plan | grep 77.31.66.103 gives:
Any idea?

tcp        0  11681 173.193.210.120:80          77.31.66.103:46255          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:42926          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:26030          LAST_ACK    -
tcp        1  11681 173.193.210.120:80          77.31.66.103:52881          LAST_ACK    -
tcp        1  11681 173.193.210.120:80          77.31.66.103:52881          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:49809          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:28817          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:14737          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:57747          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:42643          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:33939          LAST_ACK    -
tcp        1  11681 173.193.210.120:80          77.31.66.103:30869          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:14997          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:57748          LAST_ACK    -
tcp        1  11681 173.193.210.120:80          77.31.66.103:55188          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:42644          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:42644          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:55447          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:54934          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:46230          LAST_ACK    -
tcp        1  11681 173.193.210.120:80          77.31.66.103:34198          LAST_ACK    -
tcp        1  11681 173.193.210.120:80          77.31.66.103:28054          LAST_ACK    -
tcp        1  11681 173.193.210.120:80          77.31.66.103:28054          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:55193          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:55449          LAST_ACK    -
tcp        1  11681 173.193.210.120:80          77.31.66.103:28057          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:53147          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:58010          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:54938          LAST_ACK    -
tcp        1  11681 173.193.210.120:80          77.31.66.103:28314          LAST_ACK    -
tcp        1  11681 173.193.210.120:80          77.31.66.103:26525          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:34972          LAST_ACK    -
tcp        1  11681 173.193.210.120:80          77.31.66.103:28060          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:39839          LAST_ACK    -
tcp        1  11681 173.193.210.120:80          77.31.66.103:28063          LAST_ACK    -
tcp        1  11681 173.193.210.120:80          77.31.66.103:34974          LAST_ACK    -
tcp        1  11681 173.193.210.120:80          77.31.66.103:28062          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:53121          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:29057          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:28289          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:14977          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:55680          LAST_ACK    -
tcp        1  11681 173.193.210.120:80          77.31.66.103:30592          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:28288          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:28803          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:28547          FIN_WAIT1   -
tcp        0  11681 173.193.210.120:80          77.31.66.103:53378          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:42882          LAST_ACK    -
tcp        1  11681 173.193.210.120:80          77.31.66.103:33922          LAST_ACK    -
tcp        1  11681 173.193.210.120:80          77.31.66.103:40324          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:65159          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:42631          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:40583          LAST_ACK    -
tcp        1  11681 173.193.210.120:80          77.31.66.103:14983          LAST_ACK    -
tcp        1  11681 173.193.210.120:80          77.31.66.103:55430          LAST_ACK    -
tcp        1  11681 173.193.210.120:80          77.31.66.103:49286          LAST_ACK    -
tcp        1  11681 173.193.210.120:80          77.31.66.103:28294          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:42633          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:52872          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:40584          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:26251          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:57738          LAST_ACK    -
tcp        1  11681 173.193.210.120:80          77.31.66.103:57997          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:57485          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:55181          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:42637          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:42125          LAST_ACK    -
tcp        1  11681 173.193.210.120:80          77.31.66.103:26509          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:49804          FIN_WAIT1   -
tcp        0  11681 173.193.210.120:80          77.31.66.103:26252          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:52623          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:52623          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:39823          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:40079          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:30351          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:30863          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:35313          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:34289          LAST_ACK    -
tcp        1  11681 173.193.210.120:80          77.31.66.103:65008          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:29680          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:46579          LAST_ACK    -
tcp        1  11681 173.193.210.120:80          77.31.66.103:57843          LAST_ACK    -
tcp        1  11681 173.193.210.120:80          77.31.66.103:15091          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:58098          FIN_WAIT1   -
tcp        0  11681 173.193.210.120:80          77.31.66.103:42485          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:55285          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:52980          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:49396          LAST_ACK    -
tcp        1  11681 173.193.210.120:80          77.31.66.103:15092          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:34295          FIN_WAIT1   -
tcp        1  11681 173.193.210.120:80          77.31.66.103:15092          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:34295          FIN_WAIT1   -
tcp        0  11681 173.193.210.120:80          77.31.66.103:42487          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:49655          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:65271          LAST_ACK    -
tcp        1  11681 173.193.210.120:80          77.31.66.103:30455          LAST_ACK    -
tcp        1  11681 173.193.210.120:80          77.31.66.103:30455          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:46838          LAST_ACK    -
tcp        1  11681 173.193.210.120:80          77.31.66.103:40441          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:52985          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:30969          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:65272          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:15096          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:42235          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:55291          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:30971          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:46586          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:65018          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:28154          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:65277          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:39932          LAST_ACK    -
tcp        1  11681 173.193.210.120:80          77.31.66.103:40188          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:46844          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:55292          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:55292          LAST_ACK    -
tcp        1  11681 173.193.210.120:80          77.31.66.103:34047          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:65278          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:28158          LAST_ACK    -
tcp        1  11681 173.193.210.120:80          77.31.66.103:28414          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:42721          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:29664          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:47075          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:47075          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:53731          LAST_ACK    -
tcp        1  11681 173.193.210.120:80          77.31.66.103:53475          LAST_ACK    -
tcp        1  11681 173.193.210.120:80          77.31.66.103:49379          LAST_ACK    -
tcp        1  11681 173.193.210.120:80          77.31.66.103:29411          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:26595          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:54754          LAST_ACK    -
tcp        1  11681 173.193.210.120:80          77.31.66.103:65250          LAST_ACK    -
tcp        1  11681 173.193.210.120:80          77.31.66.103:34279          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:52455          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:52455          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:35046          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:42982          FIN_WAIT1   -
tcp        1  11681 173.193.210.120:80          77.31.66.103:26342          LAST_ACK    -
tcp        1  11681 173.193.210.120:80          77.31.66.103:35049          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:29417          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:35048          LAST_ACK    -
tcp        1  11681 173.193.210.120:80          77.31.66.103:53480          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:35051          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:40426          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:52714          LAST_ACK    -
tcp        1  11681 173.193.210.120:80          77.31.66.103:40429          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:65005          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:15341          FIN_WAIT1   -
tcp        0  11681 173.193.210.120:80          77.31.66.103:35052          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:53740          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:27628          LAST_ACK    -
tcp        1  11681 173.193.210.120:80          77.31.66.103:42735          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:57583          LAST_ACK    -
tcp        1  11681 173.193.210.120:80          77.31.66.103:15087          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:29167          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:30447          LAST_ACK    -
tcp        1  11681 173.193.210.120:80          77.31.66.103:35054          LAST_ACK    -
tcp        1  11681 173.193.210.120:80          77.31.66.103:57838          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:30958          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:26350          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:26606          LAST_ACK    -
tcp        1  11681 173.193.210.120:80          77.31.66.103:46801          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:42960          LAST_ACK    -
tcp        1  11681 173.193.210.120:80          77.31.66.103:35280          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:49616          FIN_WAIT1   -
tcp        0  11681 173.193.210.120:80          77.31.66.103:47314          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:57554          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:49618          LAST_ACK    -
tcp        1  11681 173.193.210.120:80          77.31.66.103:15314          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:65237          LAST_ACK    -
tcp        1  11681 173.193.210.120:80          77.31.66.103:30677          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:35284          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:52948          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:55252          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:42455          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:52951          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:34006          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:34262          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:40150          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:26582          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:34265          LAST_ACK    -
tcp        1  11681 173.193.210.120:80          77.31.66.103:52953          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:42968          FIN_WAIT1   -
tcp        1  11681 173.193.210.120:80          77.31.66.103:40155          LAST_ACK    -
tcp        1  11681 173.193.210.120:80          77.31.66.103:52955          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:26331          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:28123          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:53210          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:26074          LAST_ACK    -
tcp        1  11681 173.193.210.120:80          77.31.66.103:57821          LAST_ACK    -
tcp        1  11681 173.193.210.120:80          77.31.66.103:57565          LAST_ACK    -
tcp        1  11681 173.193.210.120:80          77.31.66.103:55261          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:34012          LAST_ACK    -
tcp        1  11681 173.193.210.120:80          77.31.66.103:40156          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:55260          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:33503          LAST_ACK    -
tcp        1  11681 173.193.210.120:80          77.31.66.103:26591          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:28127          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:27871          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:34782          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:55262          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:28126          LAST_ACK    -
tcp        0  11681 173.193.210.120:80          77.31.66.103:35009          LAST_ACK    -
tcp        1  11681 173.193.210.120:80          77.31.66.103:55489          LAST_ACK    -
tcp        1  11681 173.193.210.120:80          77.31.66.103:53441          LAST_ACK    -


Commented:
Depending on your Linux brand, try the following as root and wait 5-10 mins:

sysctl net.inet.ip.fw.dyn_keepalive=0
If it is a Linux box, just add an iptables rule like this.

/sbin/iptables -I INPUT -p tcp --src 77.31.66.103 -j DROP

It will take care of your problem.
Did you try restarting Apache?

Author

Commented:
Any idea, please?

Commented:
Are you using any firewall?
Are you sure that it's a DDoS attack? LAST_ACK, FIN_WAIT, etc. are common states when a TCP connection drops. LAST_ACK means that you have sent the FIN flag (closing connection) but didn't receive any FIN/ACK flag. FIN_WAIT is a similar situation.
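
Added example (not part of the original thread): a shell helper that tallies TCP states per remote address from `netstat -plan` style output, separating sockets that are still live from ones already in a closing state such as LAST_ACK or FIN_WAIT1. The sample lines and addresses are constructed, and the function names are illustrative.

```shell
#!/bin/sh
# Added example: per-IP TCP state tally for netstat output.

# Constructed sample in the column layout of `netstat -plan`
# (documentation addresses, not the ones from the thread).
sample_netstat() {
cat <<'EOF'
tcp        0      0 ::ffff:192.0.2.10:80    ::ffff:203.0.113.7:10191  ESTABLISHED 6471/httpd
tcp        0  11681 192.0.2.10:80           203.0.113.7:46255         LAST_ACK    -
tcp        0  11681 192.0.2.10:80           203.0.113.7:42926         LAST_ACK    -
tcp        1  11681 192.0.2.10:80           203.0.113.7:28547         FIN_WAIT1   -
tcp        0      0 192.0.2.10:80           198.51.100.23:51514       ESTABLISHED 6480/httpd
tcp        0      0 0.0.0.0:80              0.0.0.0:*                 LISTEN      6471/httpd
EOF
}

# remote_states IP
# Reads netstat lines on stdin and prints the state of every TCP
# socket whose remote address is IP (one state per line).
remote_states() {
    awk -v ip="$1" '
        $1 ~ /^tcp/ && NF >= 6 {
            remote = $5
            sub(/:[0-9]+$/, "", remote)   # strip the remote port
            sub(/^::ffff:/, "", remote)   # IPv4-mapped IPv6 form
            if (remote == ip) print $6
        }'
}

# state_summary IP
# Prints "STATE COUNT" lines for IP, sorted by state name.
state_summary() {
    remote_states "$1" | sort | uniq -c | awk '{ print $2, $1 }'
}

# live_count IP
# Prints how many sockets from IP are still open or being opened.
live_count() {
    remote_states "$1" |
        awk '$1 == "ESTABLISHED" || $1 == "SYN_RECV" { n++ }
             END { print n + 0 }'
}

# Stand-alone run against the constructed sample.
sample_netstat | state_summary 203.0.113.7
echo "live: $(sample_netstat | live_count 203.0.113.7)"
```

On a live host, pipe `netstat -plan` into the same functions. A live count of 0 means the remaining entries are sockets the kernel is already closing, shown with `-` in the PID column because no Apache worker is attached to them.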

Author

Commented:
Thank you for your help, but I have:
root@server [~]# sysctl net.inet.ip.fw.dyn_keepalive=0
error: "net.inet.ip.fw.dyn_keepalive" is an unknown key
root@server [~]#
I hope you can help me find the solution for this attack in another topic.
