Results 1 to 4 of 4

Thread: Wowza SYN Flood

  1. #1
    Join Date
    Jun 2015
    Posts
    3

    Unhappy Wowza SYN Flood

    Hi all,
    My Wowza Streaming Server is running a chat application. Recently, I'm receiving too many SYN_RECV connections on Wowza port 1935, which flood Wowza and make it out of service after few minutes. Wowza log look like this:

    INFO session disconnect 1952441416 -
    INFO session disconnect 1955240045 -
    INFO session disconnect 167151322 -
    INFO session disconnect 1813218272 -
    INFO session disconnect 382043424 -
    INFO session disconnect 1634799669 -
    INFO session disconnect 434196140 -
    INFO session disconnect 208142553 -
    INFO session disconnect 312967955 -
    INFO session disconnect 1030735855 -
    INFO session disconnect 532994105 -
    INFO session disconnect 934484918 -
    INFO session disconnect 1359350164 -
    INFO session disconnect 937454906 -
    INFO session disconnect 1952307730 -
    INFO session disconnect 1206270288 -
    INFO session disconnect 1876885468 -
    INFO session disconnect 473147894 -
    INFO session disconnect 711912881 -
    INFO session disconnect 1059933984 -
    INFO session disconnect 943715611 -
    INFO session disconnect 608807573 -
    INFO session disconnect 114624773 -
    INFO session disconnect 1316608946 -
    INFO session disconnect 916030303 -
    INFO session disconnect 442604681 -
    INFO session disconnect 1907610605 -
    INFO session disconnect 450414311 -
    INFO session disconnect 1970855212 -
    INFO session disconnect 2023976249 -
    INFO session disconnect 641520525 -

    I tried to debug and detect these floods using netstat:

    netstat -npt | awk '{print $6}' | sort | uniq -c | sort -nr | head
    154 ESTABLISHED
    116 SYN_RECV
    113 LAST_ACK
    44 CLOSE_WAIT
    2 FIN_WAIT1
    1 TIME_WAIT
    1 Foreign
    1

    The flood size is not very big so the firewall is not detecting it but still annoying Wowza and force it to go down.

    Can anybody help me in this problem??

  2. #2
    Join Date
    Jan 2015
    Posts
    357

    Default

    Hi,

    It would be best if you can send a ticket to us with a zip copy of the following folders from your Wowza installation so that we can further investigate.

    - conf/
    - logs/

    Michelle

  3. #3
    Join Date
    Jun 2015
    Posts
    3

    Default

    Hi,
    I have opened a ticket for support. They couldn't help me much, they suggested some iptables' rules which didn't work in my case.
    I manage to stop the problem partially by changing Wowza TCP port to some random value and using psad to prevent port scanning. psad helped me a lot in blocking hackers IP address automatically.

    Thanks anyway

  4. #4

    Default

    Thanks for updating this post and providing a worka around.

    Regards,

    Salvadore

Similar Threads

  1. wowza server is creating UDP flood on my network
    By free2lova in forum General Forum
    Replies: 2
    Last Post: 07-18-2014, 04:07 AM
  2. DoS Attack (UDP Flood)
    By Gordan Grgurina in forum General Forum
    Replies: 1
    Last Post: 12-10-2013, 10:09 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •