Carl Hartung wrote:
http://www.linuxquestions.org/questions/linux-networking-3/tcp-treason-unclo...
The IPs in the log messages on my server are not in BOGON networks. Most of them are from t-ipconnect.de and t-dialin.net. However the explanation sounds good and fits to my observations. I have also read some explanations that it might be kernel bug in kernel < 2.6.16 or just a defective router somewhere. But this would not explain the many apache processes. The only solution I have found is blocking the IPs with a cron job that greps dmesg and then sets iptables rules. But I guess this would be too slowly, because the attacks seem to be very short. Thank you, Magnum -- Carl Magnus Rosenbaum M.A. Administration - Programmierung - Weiterbildung http://cmr.cx/ Tel: +49 89 70066626 Fax: +49 89 70066686 Mobil: +49 163 7006662 PGP Fingerprint: DEBC 3C99 EF1D 74F0 D4C7 EFF5 C268 3690 0EA1 7641