syn flood attacked?
Hello list,
I have a heavy smtp server and recently I got a lot messages like
May 17 22:53:24 ms2 kernel: possible SYN flooding on port 25. Sending cookies.
May 17 22:54:25 ms2 kernel: possible SYN flooding on port 25. Sending cookies.
May 17 22:55:25 ms2 kernel: possible SYN flooding on port 25. Sending cookies.
May 17 22:56:25 ms2 kernel: possible SYN flooding on port 25. Sending cookies.
May 17 22:57:25 ms2 kernel: possible SYN flooding on port 25. Sending cookies.
May 17 23:03:11 ms2 kernel: possible SYN flooding on port 25. Sending cookies.
When I use netstat to grep the smtp connection, I lots of
ms2:~# netstat -ant | grep SYN_RECV | wc -l
2539
Am I being syn flood attacked? How can I get rid of this?
--
Patrick Hsieh <pahud@pahud.net>
GPG public key http://pahud.net/pubkeys/pahudatpahud.gpg
--
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: