On Fri, May 17, 2002 at 11:44:16PM +0800, Patrick Hsieh wrote: > Hello list, > > I have a heavy smtp server and recently I got a lot messages like > > May 17 22:53:24 ms2 kernel: possible SYN flooding on port 25. Sending cookies. > May 17 22:54:25 ms2 kernel: possible SYN flooding on port 25. Sending cookies. > May 17 22:55:25 ms2 kernel: possible SYN flooding on port 25. Sending cookies. > May 17 22:56:25 ms2 kernel: possible SYN flooding on port 25. Sending cookies. > May 17 22:57:25 ms2 kernel: possible SYN flooding on port 25. Sending cookies. > May 17 23:03:11 ms2 kernel: possible SYN flooding on port 25. Sending cookies. > > When I use netstat to grep the smtp connection, I lots of > > ms2:~# netstat -ant | grep SYN_RECV | wc -l > 2539 > > > Am I being syn flood attacked? How can I get rid of this? Hello In this case you are probably a target of a SYN Flood atack. What you have to do is to compile your kernel with option with protect_against_synflood (or something like this, but for sure in network submenu). Make sure to read the help for this option because compiling it into kernel isn't enough... (you have to issue a command echo 1 > /don't/remember/where ;) ) -- Michael "carstein" Melewski | "One day, he said, in a taped segment carstein@poznan.linux.org.pl | that suggested chemical interrogation, mobile: 502 545 913 | everything had gone gray." gpg: carstein.c.pl/carstein.txt | -- Corto , 'Neuromancer'
Attachment:
pgpltUhxFzUoI.pgp
Description: PGP signature