ffff in netstat output, denial of service?

postcd

Guest
Hello, I'm pretty sure someone is DoSing my VPS or a website on it.

netstat shows ffff port connections, but no IP behind them. I tried to disable IPv6 networking, but it still affects the server?

netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
netstat -tuna | awk -F':+| +' 'NR>2{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
127
127 ffff

I trimmed the output to show only the ffff result.

In /etc/sysconfig/network is:
NETWORKING_IPV6="yes"
IPV6_DEFAULTDEV="venet0"

So I set it to no and restarted the network service; the change was preserved, but after a reboot of the VPS it was IPv6 again. It's an OpenVZ CentOS 5 VPS.

// Update: stopping that networking probably won't work. I commented out the ::1 line from /etc/hosts, but the ffff connections are still there.
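An added example, not part of the original post: a per-peer connection count that strips the port at the last colon instead of splitting on every colon, so an IPv4-mapped IPv6 address such as `::ffff:198.51.100.7:51234` is reported as its IPv4 peer rather than as the fragment `ffff`. The function names and the sample lines (documentation address ranges) are constructed for illustration.

```shell
# Count connections per remote address from `netstat -ntu` style lines on stdin.
count_peers() {
    awk '
        $1 ~ /^(tcp|udp)/ {
            addr = $5                     # Foreign Address column
            sub(/:[^:]*$/, "", addr)      # drop ":port" (last colon only)
            sub(/^::ffff:/, "", addr)     # IPv4-mapped IPv6 -> plain IPv4
            n[addr]++
        }
        END { for (a in n) printf "%d %s\n", n[a], a }
    ' | sort -n
}

# Constructed sample input in netstat layout (not taken from the post).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 ::ffff:192.0.2.10:80        ::ffff:198.51.100.7:51234   ESTABLISHED
tcp        0      0 ::ffff:192.0.2.10:80        ::ffff:198.51.100.7:51235   TIME_WAIT
tcp        0      0 ::ffff:192.0.2.10:80        ::ffff:203.0.113.9:40000    ESTABLISHED
tcp        0      0 192.0.2.10:22               203.0.113.9:40022           ESTABLISHED
tcp        0      0 ::1:80                      ::1:37288                   TIME_WAIT
EOF
}

# On a live host: netstat -ntu | count_peers
sample_netstat | count_peers
```

A peer that reaches both a dual-stack listener and an IPv4-only listener is merged into one count, and loopback traffic shows up as `::1` rather than disappearing.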
 
I thought it might be good to try to disable IPv6 networking, so I did: grep -Rl "IPV6" /etc/sysconfig
and found interesting files, which I modified to look like:

# cat /etc/sysconfig/network
NETWORKING="yes"
GATEWAYDEV="venet0"
NETWORKING_IPV6="no"
IPV6INIT="no"

IPV6_DEFAULTDEV="venet0"
HOSTNAME="0101010"

# cat /etc/sysconfig/network-scripts/ifcfg-venet0
DEVICE=venet0
BOOTPROTO=static
ONBOOT=yes
ARPCHECK="no"
IPADDR=127.0.0.1
NETMASK=255.255.255.255
BROADCAST=0.0.0.0
ARPCHECK="no"
IPV6INIT="no"

Then: service network restart
but I still saw this in /proc/net/nf_conntrack:
ipv6 10 tcp 6 21 TIME_WAIT src=0000:0000:0000:0000:0000:0000:0000:0001 dst=0000:0000:0000:0000:0000:0000:0000:0001 sport=37288 dport=80 src=0000:0000:0000:0000:0000:0000:0000:0001 dst=0000:0000:0000:0000:0000:0000:0000:0001 sport=80 dport=37288 [ASSURED] mark=0 secmark=0 use=2
ipv6 10 tcp 6 14 TIME_WAIT src=0000:0000:0000:0000:0000:0000:0000:0001 dst=0000:0000:0000:0000:0000:0000:0000:0001 sport=37258 dport=80 src=0000:0000:0000:0000:0000:0000:0000:0001 dst=0000:0000:0000:0000:0000:0000:0000:0001 sport=80 dport=37258 [ASSURED] mark=0 secmark=0 use=2

Someone advised adding:
# to disable IPv6 on all interfaces system wide
net.ipv6.conf.all.disable_ipv6 = 1

into /etc/sysctl.conf
and then execute: sysctl -p /etc/sysctl.conf
 