DB and auth server down, syslog

07/24/2012 12:35 panikaa#1
Hi!
I have a problem with my server, this started yesterday.
Big problem with the auth and DB server; I think it is a DDoS attack.
Then I restarted the server, and now no one can log in.
My syslog from auth:
Code:
SYSERR: Jul 24 12:23:26 :: AcceptDesc: max connection reached. MAX_ALLOW_USER = 4096
SYSERR: Jul 24 12:26:22 :: socket_accept: accept: Software caused connection abort (fd 12)
SYSERR: Jul 24 12:13:27 :: fdwatch_add_fd: fd overflow 4096
I have an ipfw firewall; I can copy the rules:
Code:
IPF="ipfw -q add"
ipfw -q -f flush


#loopback
$IPF 101 allow all from any to any via em0
$IPF 102 allow all from any to 127.0.0.0/8
$IPF 103 deny all from 127.0.0.0/8 to any
$IPF 105 deny tcp from any to any frag

# stateful
$IPF 106 check-state
$IPF 107 allow tcp from any to any established
$IPF 108 allow all from any to any out keep-state
$IPF 109 allow icmp from any to any

# open port ftp (20,21), ssh (22), mail (25), dns (53) etc.

$IPF 10000 allow all from any to any via lo0
$IPF 20000 deny all from any to 127.0.0.0/8
$IPF 30000 deny all from 127.0.0.0/8 to any
$IPF 40000 allow all from any to any 
$IPF 40001 allow all from any to any 5525 in
$IPF 40002 allow all from any to any 5525 out
$IPF 120 allow tcp from any to any 80 in
$IPF 130 allow tcp from any to any 80 out
$IPF 140 allow all from any to any 3306 out
$IPF 300 allow all from any to any 3306 in
$IPF 354 allow all from any to any 9987 in
$IPF 355 allow all from any to any 9987 out
$IPF 354 allow all from any to any 10011 in
$IPF 355 allow all from any to any 30033 in
$IPF 356 allow all from any to any 10011 out
$IPF 357 allow all from any to any 30033 out





#M2 Ports

# open ports M2 Cores
# Auth Core

$IPF 120 allow tcp from any to any 11002 in
$IPF 130 allow tcp from any to any 11002 out

# CORE CH1

$IPF 140 allow tcp from any to any 13000 in
$IPF 150 allow tcp from any to any 13000 out
$IPF 160 allow tcp from any to any 13022 in
$IPF 170 allow tcp from any to any 13022 out
$IPF 180 allow tcp from any to any 13001 in
$IPF 190 allow tcp from any to any 13001 out

# CORE CH2

$IPF 280 allow tcp from any to any 16000 in
$IPF 290 allow tcp from any to any 16000 out
$IPF 300 allow tcp from any to any 16022 in
$IPF 310 allow tcp from any to any 16022 out
$IPF 320 allow tcp from any to any 16001 in
$IPF 330 allow tcp from any to any 16001 out


# CORE CH3

$IPF 400 allow tcp from any to any 18000 in
$IPF 410 allow tcp from any to any 18000 out
$IPF 420 allow tcp from any to any 18022 in
$IPF 430 allow tcp from any to any 18022 out
$IPF 440 allow tcp from any to any 18001 in
$IPF 450 allow tcp from any to any 18001 out

# CORE CH4

$IPF 500 allow tcp from any to any 20000 in
$IPF 510 allow tcp from any to any 20000 out
$IPF 520 allow tcp from any to any 20022 in
$IPF 530 allow tcp from any to any 20022 out
$IPF 540 allow tcp from any to any 20001 in
$IPF 550 allow tcp from any to any 20001 out

# deny Database Port

$IPF 620 allow all from *** to any 15000
$IPF 630 allow all from 127.0.0.0/8 to any 15000
$IPF 640 deny all from any to me 15000

# deny P2P Ports M2 Core
# Auth

$IPF 650 allow all from *** to any 12000
$IPF 660 allow all from 127.0.0.0/8 to any 12000
$IPF 670 deny all from any to me 12000

# P2P CH1

$IPF 680 allow all from *** to any 14000
$IPF 690 allow all from 127.0.0.0/8 to any 14000
$IPF 700 deny all from any to me 14000
$IPF 710 allow all from *** to any 14022
$IPF 720 allow all from 127.0.0.0/8 to any 14022
$IPF 730 deny all from any to me 14022
$IPF 740 allow all from *** to any 14001
$IPF 750 allow all from 127.0.0.0/8 to any 14001
$IPF 760 deny all from any to me 14001

# P2P CH2

$IPF 890 allow all from *** to any 17000
$IPF 900 allow all from 127.0.0.0/8 to any 17000
$IPF 910 deny all from any to me 17000
$IPF 920 allow all from *** to any 17022
$IPF 930 allow all from 127.0.0.0/8 to any 17022
$IPF 940 deny all from any to me 17000
$IPF 950 allow all from *** to any 17001
$IPF 960 allow all from 127.0.0.0/8 to any 17001
$IPF 970 deny all from any to me 17001



# P2P CH3

$IPF 1200 allow all from *** to any 19000
$IPF 1210 allow all from 127.0.0.0/8 to any 19000
$IPF 1220 deny all from any to me 19000
$IPF 1230 allow all from *** to any 19022
$IPF 1240 allow all from 127.0.0.0/8 to any 19022
$IPF 1250 deny all from any to me 19000
$IPF 1260 allow all from *** to any 19001
$IPF 1270 allow all from 127.0.0.0/8 to any 19001
$IPF 1280 deny all from any to me 19001


# P2P CH4

$IPF 1410 allow all from *** to any 21000
$IPF 1420 allow all from 127.0.0.0/8 to any 21000
$IPF 1430 deny all from any to me 21000
$IPF 1440 allow all from *** to any 21022
$IPF 1450 allow all from 127.0.0.0/8 to any 21022
$IPF 1460 deny all from any to me 21022
$IPF 1470 allow all from *** to any 21001
$IPF 1480 allow all from 127.0.0.0/8 to any 21001
$IPF 1490 deny all from any to me 21001

# deny and log everything
$IPF 1400 deny log all from any to any
*** is my IP address.
I searched Google but I can't find a solution :(.
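An added example, not part of the original post: ipfw checks rules in ascending rule-number order (rules that share a number in the order they were added), not in file order, so this Python sketch sorts an excerpt of the ruleset above and lists reused numbers, catch-all rules, and rules that sit behind an unconditional catch-all. The name `analyse` and both regexes are assumptions of this example, and only the simple `$IPF <number> <rule>` form is parsed.

```python
import re
from collections import Counter

# Excerpt of the ruleset posted above, in file order ("***" is the poster's redaction).
RULES = """\
$IPF 101 allow all from any to any via em0
$IPF 106 check-state
$IPF 40000 allow all from any to any 
$IPF 120 allow tcp from any to any 80 in
$IPF 140 allow all from any to any 3306 out
$IPF 120 allow tcp from any to any 11002 in
$IPF 140 allow tcp from any to any 13000 in
$IPF 640 deny all from any to me 15000
$IPF 1410 allow all from *** to any 21000
$IPF 1430 deny all from any to me 21000
$IPF 1400 deny log all from any to any
"""

RULE_RE = re.compile(r"^\$IPF\s+(\d+)\s+(.+?)\s*$")
# A rule that matches every packet, optionally limited to one interface.
CATCH_ALL_RE = re.compile(r"^(allow|deny)(?: log)? all from any to any(?: via (\S+))?$")

def analyse(text):
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line)
        if m:
            rules.append((int(m.group(1)), m.group(2)))
    # ipfw evaluates by rule number; rules sharing a number keep insertion order.
    # Python's sort is stable, so sorting on the number alone models that.
    ordered = sorted(rules, key=lambda r: r[0])
    counts = Counter(n for n, _ in rules)
    duplicates = sorted(n for n, c in counts.items() if c > 1)
    catch_alls, unreachable, cut = [], [], False
    for num, body in ordered:
        if cut:
            unreachable.append(num)
            continue
        m = CATCH_ALL_RE.match(body)
        if m:
            catch_alls.append((num, m.group(1), m.group(2)))
            cut = m.group(2) is None  # no "via": every packet stops here
    return {"order": [n for n, _ in ordered], "duplicates": duplicates,
            "catch_alls": catch_alls, "unreachable": unreachable}

if __name__ == "__main__":
    for key, value in analyse(RULES).items():
        print(f"{key}: {value}")
```

On this excerpt, rule 1400 is written last but evaluated before rules 1410, 1430 and 40000, which are reported as unreachable; rule 101 is reported as a catch-all for everything passing through `em0`.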
07/24/2012 12:39 Eleyn#2
Hey ahm, so your problem is, your friends can't connect to your server? Or you can't?
07/24/2012 12:42 panikaa#3
Quote:
Originally Posted by Eleyn
Hey ahm, so your problem is, your friends can't connect to your server? Or you can't?
No one can connect to the server, neither my friend nor I.
07/24/2012 12:47 Eleyn#4
Do you have portmaps? And the right ports?
07/24/2012 12:48 panikaa#5
I don't have a portmap; this is a root server. Dedicated.

Anyone?
11/04/2012 00:02 stσям™#6
SYSERR: Jul 24 12:23:26 :: AcceptDesc: max connection reached. MAX_ALLOW_USER = 4096
11/26/2012 11:14 flavioclimax#7
Does someone have the fix for this? :(