Well, it's still going on, and is pretty much ruining Libero :( .
Running CentOS 6, here.
Actually, I think from what I'm seeing that it may not exactly be a
synflood targeting Libero. I think Libero may be being (ab)used to do
massive portscanning or similar.
Image should be visible below - it's normal statistics for the 18th
through say, part of the 21st, messed up 22ed - 24th and on the 24th
me trying different things in an attempt to mitigate (graph is from
yesterday). Look at the SYN_SENT2 maximum.
When it's happening it can look like this:
# netstat -n | grep -c SYN
17696
#
Also one tiny part of the netstat looked like this:
tcp 0 1 64.113.32.29:33354 <external IP
munged>:81 SYN_SENT
tcp 0 1 64.113.32.29:39659 <external IP
munged>:8888 SYN_SENT
tcp 0 1 64.113.32.29:44247 <external IP
munged>:87 SYN_SENT
tcp 0 1 64.113.32.29:42038 <external IP
munged>:8888 SYN_SENT
tcp 0 1 64.113.32.29:42077 <external IP
munged>:83 SYN_SENT
tcp 0 1 64.113.32.29:36282 <external IP
munged>:8888 SYN_SENT
tcp 0 1 64.113.32.29:46023 <external IP
munged>:8888 SYN_SENT
Port 8888 is supposedly opened up for listen by a virus.