comodo
Aug 28 2003, 02:47 AM
xxx.xxx.xxx.xx was blocked as destination due to multiple/spoofed-source inbound SYN attack.
IP will be unblocked once attack has ended. Below is a small sample of the data capture.
Skip RS-NOC
8 2003-08-28 02:14:56.1918 145.197.190.253 -> xxx.xxx.xxx.xx TCP 55274 > 80
[SYN] Seq=674775408 Ack=0 Win=16384 Len=0
9 2003-08-28 02:14:56.1918 145.197.191.10 -> xxx.xxx.xxx.xx TCP 55274 > 80
[SYN] Seq=674775421 Ack=0 Win=16384 Len=0
10 2003-08-28 02:14:56.1918 145.197.191.6 -> xxx.xxx.xxx.xx TCP 55274 > 80
[SYN] Seq=674775417 Ack=0 Win=16384 Len=0
12 2003-08-28 02:14:56.1918 63.229.107.98 -> xxx.xxx.xxx.xx TCP 27916 > 80
[SYN] Seq=674781887 Ack=0 Win=16384 Len=0
13 2003-08-28 02:14:56.1918 63.229.107.99 -> xxx.xxx.xxx.xx TCP 27916 > 80
[SYN] Seq=674781888 Ack=0 Win=16384 Len=0
The xxx.xxx.xxx.xx is my IP address.
What should I do to stop this attack?
Can anyone help me?
thanks!
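An added example (not part of the thread or of RS-NOC's tooling): Python that parses the capture lines quoted above, each packet joined onto one line, and reports what marks them as spoofed: several source addresses sharing one source port with nearly identical sequence numbers, which independent clients would be very unlikely to produce. The function names and the 1024 sequence-spread threshold are assumptions.

```python
import re
from collections import defaultdict

# Packets from the capture quoted above, each joined onto one line.
CAPTURE = """\
8 2003-08-28 02:14:56.1918 145.197.190.253 -> xxx.xxx.xxx.xx TCP 55274 > 80 [SYN] Seq=674775408 Ack=0 Win=16384 Len=0
9 2003-08-28 02:14:56.1918 145.197.191.10 -> xxx.xxx.xxx.xx TCP 55274 > 80 [SYN] Seq=674775421 Ack=0 Win=16384 Len=0
10 2003-08-28 02:14:56.1918 145.197.191.6 -> xxx.xxx.xxx.xx TCP 55274 > 80 [SYN] Seq=674775417 Ack=0 Win=16384 Len=0
12 2003-08-28 02:14:56.1918 63.229.107.98 -> xxx.xxx.xxx.xx TCP 27916 > 80 [SYN] Seq=674781887 Ack=0 Win=16384 Len=0
13 2003-08-28 02:14:56.1918 63.229.107.99 -> xxx.xxx.xxx.xx TCP 27916 > 80 [SYN] Seq=674781888 Ack=0 Win=16384 Len=0
"""

# number, date, time, src -> dst, TCP sport > dport, [flags], Seq=
LINE = re.compile(
    r"^\d+\s+\S+\s+\S+\s+(?P<src>\S+) -> (?P<dst>\S+) TCP "
    r"(?P<sport>\d+) > (?P<dport>\d+) \[(?P<flags>[^\]]+)\] Seq=(?P<seq>\d+)"
)

def parse(text):
    """Yield one dict per line that matches the summary format; skip the rest."""
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            d = m.groupdict()
            yield {**d, "sport": int(d["sport"]), "dport": int(d["dport"]),
                   "seq": int(d["seq"])}

def spoof_clusters(packets, max_seq_spread=1024):
    """Group bare SYNs by (dst, sport, dport) and report groups in which more
    than one source IP appears and the sequence numbers lie close together.
    max_seq_spread is an assumed threshold, not a standard value."""
    groups = defaultdict(list)
    for p in packets:
        if p["flags"] == "SYN":
            groups[(p["dst"], p["sport"], p["dport"])].append(p)
    clusters = []
    for (dst, sport, dport), pkts in groups.items():
        sources = sorted({p["src"] for p in pkts})
        spread = max(p["seq"] for p in pkts) - min(p["seq"] for p in pkts)
        if len(sources) > 1 and spread <= max_seq_spread:
            clusters.append({"dst": dst, "sport": sport, "dport": dport,
                             "sources": sources, "seq_spread": spread})
    return clusters

if __name__ == "__main__":
    for cluster in spoof_clusters(parse(CAPTURE)):
        print(cluster)
```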
underzen
Aug 28 2003, 07:22 AM
A firewall of some sort? APF perhaps...
comodo
Aug 28 2003, 08:05 AM
Thanks! I will try that sometime today!
But can it stop the attack once and for all?
Or can this attack not be stopped?
amps
Aug 28 2003, 09:10 AM
A firewall won't stop you from getting unplugged. Nor will it stop the attack.
comodo
Aug 28 2003, 09:43 AM
QUOTE
Originally posted by amps
A firewall won't stop you from getting unplugged. Nor will it stop the attack.
That's bad news! But thanks anyway!
shykot
Aug 28 2003, 10:03 AM
It's a DoS attack, which means it has to be stopped, but cannot be.
So wait until the attack is stopped; maybe RackShack will unplug the server for a short while.
comodo
Aug 28 2003, 11:39 AM
Yes, here is what I got from RS after the attack stopped.
The Trouble Ticket assigned to your server has been taken care of due to either the Attack being over, or the fact we may have been able to block the Attacker.
------------------------
Attack over
IP unblocked
escalation closed
------------------------
Thanks for the reply!
shykot
Aug 28 2003, 12:23 PM
Enjoy
I will have a drink on behalf of you