[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: syn flood attacked?



On Fri, May 17, 2002 at 11:44:16PM +0800, Patrick Hsieh wrote:
> Hello list,
> 
> I have a heavy smtp server and recently I got a lot messages like
> 
> May 17 22:53:24 ms2 kernel: possible SYN flooding on port 25. Sending cookies.
> May 17 22:54:25 ms2 kernel: possible SYN flooding on port 25. Sending cookies.
> May 17 22:55:25 ms2 kernel: possible SYN flooding on port 25. Sending cookies.
> May 17 22:56:25 ms2 kernel: possible SYN flooding on port 25. Sending cookies.
> May 17 22:57:25 ms2 kernel: possible SYN flooding on port 25. Sending cookies.
> May 17 23:03:11 ms2 kernel: possible SYN flooding on port 25. Sending cookies.
> 
> When I use netstat to grep the smtp connection, I lots of
> 
> ms2:~# netstat -ant | grep SYN_RECV | wc -l
>    2539
> 
> 
> Am I being syn flood attacked? How can I get rid of this?
Hello
In this case you are probably a target of a SYN Flood atack.
What you have to do is to compile your kernel with option with
protect_against_synflood (or something like this, but for sure in network
submenu). Make sure to read the help for this option because compiling it into
kernel isn't enough... (you have to issue a command 
echo 1 > /don't/remember/where ;) )


-- 
Michael "carstein" Melewski	 |	"One day, he said, in a taped segment	
carstein@poznan.linux.org.pl 	 |	 that suggested chemical interrogation,
mobile:	502 545 913		 |	 everything had gone gray."
gpg: carstein.c.pl/carstein.txt	 |	 -- Corto , 'Neuromancer'

Attachment: pgpYMYmL9Kead.pgp
Description: PGP signature


Reply to: