I saw the same thing on my 386, and I knew I wasn't being attacked, so I opted to not use that feature. From the Linux kernel mailing list FAQ: http://kernelfaq.iconsult.com/ 3.1.5.1. Warning: possible SYN flooding. Sending cookies. I got 44 of these 2 days ago, then another 35 more. Warning: possible SYN flooding. Sending cookies. This need not be an attack. It _does_ mean that your backlog has become full. This can be a consequence of crummy network connections between you and legitimate remote sites. If you normally don't see 67 connection attempts per second then it's probably an attack. My interpretation is that somebody has flooded the irc port to kill the server, am I right? What are the chances that this is not an attack, but just "one of those things?" It very much depends on how busy your irc port is and how bad network conditions are between you and the users of your irc. To really find out if you are being attacked you would need to start taking TCP dumps and look for streams of SYN packets with addresses that are unreachable. Large numbers of packets from the same unreachable address would be a give away. Answered by Eric Schenk <URL:mailto:Eric.Schenk@dna.lth.sh> I hope this helps... Cheers, - Jim
Attachment:
pgpV3VQ5zszUE.pgp
Description: PGP signature