Re: pre-patch-2.0.30-2 SYN stuff

Eric.Schenk@dna.lth.se
Wed, 09 Apr 1997 07:00:59 +0200

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Dan St.Andre': "/dev/fd0 causes Kernel PANIC, stalled system, permanent D-wait"
Previous message: Chris Dee: "P6 bug?!"
Maybe in reply to: Jeff Garzik: "pre-patch-2.0.30-2 SYN stuff"
Next in thread: zero cool: "Re: SYN flood attack in progress (pre2.0.30-2)"
Reply: zero cool: "Re: SYN flood attack in progress (pre2.0.30-2)"

Jeff Garzik <jeff.garzik@spinne.com> writes:
>I got 44 of these 2 days ago, then another 35 more.
>
> Warning: possible SYN flooding. Sending cookies.
>
>I'm running 2.0.30-2 on P90/128MB/PCI/EIDE/SCSI2 system. Seems to me
>that SYN floods should either generate just a few messages, or quite a
>few. I doubt somebody is SYN-flooding me 79 individual times, so what
>does this message really mean?

This message means that your tcp backlog for some port got full
and another connection came in. Note that linux only logs at most
one of these a minute to avoid filling your system logs totally with
the warning. Check the time stamps, if they are about a minute apart
they you may be getting flooding for short periods.

>Is there a network problem that might
>trigger this?

Yes, if you normally get a fairly large number of connections coming
in and you get asymetric routing losses so that your responses to these
connections get lost, then this will simulate a SYN flood quite nicely.

-- 
Eric Schenk                               www: http://www.dna.lth.se/~erics
Dept. of Comp. Sci., Lund University          email: Eric.Schenk@dna.lth.se
Box 118, S-221 00 LUND, Sweden   fax: +46-46 13 10 21  ph: +46-46 222 96 38

Next message: Dan St.Andre': "/dev/fd0 causes Kernel PANIC, stalled system, permanent D-wait"
Previous message: Chris Dee: "P6 bug?!"
Maybe in reply to: Jeff Garzik: "pre-patch-2.0.30-2 SYN stuff"
Next in thread: zero cool: "Re: SYN flood attack in progress (pre2.0.30-2)"
Reply: zero cool: "Re: SYN flood attack in progress (pre2.0.30-2)"