syn flood attacked?

To: debian-user@lsits.debian.org, debian-security@lists.debian.org
Subject: syn flood attacked?
From: Patrick Hsieh <pahud@pahud.net>
Date: Fri, 17 May 2002 23:44:16 +0800
Message-id: <[🔎] 20020517234022.2967.PAHUD@pahud.net>

Hello list,

I have a heavy smtp server and recently I got a lot messages like

May 17 22:53:24 ms2 kernel: possible SYN flooding on port 25. Sending cookies.
May 17 22:54:25 ms2 kernel: possible SYN flooding on port 25. Sending cookies.
May 17 22:55:25 ms2 kernel: possible SYN flooding on port 25. Sending cookies.
May 17 22:56:25 ms2 kernel: possible SYN flooding on port 25. Sending cookies.
May 17 22:57:25 ms2 kernel: possible SYN flooding on port 25. Sending cookies.
May 17 23:03:11 ms2 kernel: possible SYN flooding on port 25. Sending cookies.

When I use netstat to grep the smtp connection, I lots of

ms2:~# netstat -ant | grep SYN_RECV | wc -l
   2539


Am I being syn flood attacked? How can I get rid of this?


-- 
Patrick Hsieh <pahud@pahud.net>
GPG public key http://pahud.net/pubkeys/pahudatpahud.gpg


-- 
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

Follow-Ups:
- Re: syn flood attacked?
  - From: Michal Melewski <mike@carstein.c.pl>

Prev by Date: RE: what this message means? is any allert?
Next by Date: gdm and pam_group problem
Previous by thread: RE: what this message means? is any allert?
Next by thread: Re: syn flood attacked?
Index(es):
- Date
- Thread