
Re: kernel message : Possible flooding ???



>Date: Wed, 19 Nov 1997 22:29:24 -0500 (EST)
>From: Dany Dionne <ddionne@phy.ulaval.ca>
>To: debian-user@lists.debian.org
>Subject: kernel message : Possible flooding ???
>
>Hi,
>In the file /var/log/kern.log, I have messages like this:
>
>Nov 18 05:08:49 poynting last message repeated 2 times
>Nov 18 05:10:50 poynting kernel: Warning: possible SYN flooding. Sending cookies.
>Nov 18 05:10:59 poynting kernel: Warning: possible SYN flooding. Sending cookies.
>Nov 18 05:10:59 poynting kernel: validated probe(3103d184, 5a4ccb84, 33166, 20100, 1878646017)
>
>This message is repeated a lot of times. What is the meaning of this
>message? This week, a user (we are actively searching for him) used our
>server to attack and crash another server on the net. Today, our own
>server crashed. We think that the crash was a strike back. So, the kernel
>message about a possible flooding could be related to our hacker war?
>
>Dany Dionne
>Physics Department
>Laval University
>Canada
>
Dany, sure looks like a SYN-flood attack; take a look in tcpdump and
see if it gave a legit address. BTW: is this on IRC???..Rik...


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-user-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .
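
Added example (not part of the original thread): one way to tally the
"possible SYN flooding" warnings quoted above per host and minute, expanding
syslogd's "last message repeated N times" lines, which otherwise hide part of
the volume. The sample log, the function names and the threshold are
assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample in the syslog format quoted in the post (no year field).
SAMPLE = """\
Nov 18 05:10:50 poynting kernel: Warning: possible SYN flooding. Sending cookies.
Nov 18 05:10:59 poynting kernel: Warning: possible SYN flooding. Sending cookies.
Nov 18 05:11:20 poynting last message repeated 2 times
Nov 18 05:11:21 poynting kernel: validated probe(3103d184, 5a4ccb84, 33166, 20100, 1878646017)
Nov 18 05:12:02 poynting kernel: Warning: possible SYN flooding. Sending cookies.
Nov 18 06:40:00 poynting kernel: eth0: link ok
Nov 18 06:40:05 poynting last message repeated 3 times
"""

LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d):\d\d (\S+) (.*)$")
REPEAT = re.compile(r"^last message repeated (\d+) times?$")
SYN = "possible SYN flooding"

def syn_flood_minutes(text):
    """Count SYN-flood warnings per (host, minute), expanding syslogd repeats."""
    counts = Counter()
    last_was_syn = {}  # host -> was the previous message a SYN warning?
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        minute, host, msg = m.groups()
        rep = REPEAT.match(msg)
        if rep:
            # Repeats are credited to the minute the summary line was written.
            if last_was_syn.get(host):
                counts[(host, minute)] += int(rep.group(1))
            continue
        last_was_syn[host] = SYN in msg
        if last_was_syn[host]:
            counts[(host, minute)] += 1
    return counts

def flagged(text, threshold=3):
    """Minutes whose warning count reaches the (assumed) alert threshold."""
    return sorted(k for k, n in syn_flood_minutes(text).items() if n >= threshold)
```

The minutes returned by flagged() are the windows worth lining up against a
tcpdump capture, as suggested in the reply.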

