Re: Linux 2.0.x networking bug related to SYN cookies

George Bonser (grep@oriole.sbay.org)
Sat, 28 Mar 1998 19:41:26 -0800 (PST)


On Sun, 29 Mar 1998, Chris Evans wrote:

> alleged SYN flooding occurred.
>
> In my case, I'm pretty sure it's not an attack.
>
> Probably caused by some race/missing kfree_skb in the kernel, who knows.
>
> Anyway, some data. First what a stuck socket looks like:
>
> tcp 0 0 163.1.138.204:14090 0.0.0.0:* CLOSE on (1.83/0)
> tcp 0 0 163.1.138.204:26702 0.0.0.0:* CLOSE on (6.44/0)
> tcp 0 0 163.1.138.204:27274 0.0.0.0:* CLOSE on (3.58/0)
> tcp 0 0 163.1.138.204:27857 0.0.0.0:* CLOSE on (2.82/0)
> tcp 0 0 163.1.138.204:29004 0.0.0.0:* CLOSE on (6.54/0)
>
> And the messages from the kernel:
>
> Warning: possible SYN flood from 195.96.18.181 on 163.1.138.204:14090. Sending cookies.
> Warning: possible SYN flood from 195.96.18.181 on 163.1.138.204:26616. Sending cookies.
> Warning: possible SYN flood from 195.96.18.181 on 163.1.138.204:26937. Sending cookies.
>
> [etc.]
>

I see this daily from a particular mail server out on the net that sends
me a good deal of traffic. In my case I happen to know the admins of that
system and know they are not attacking me; I have simply been ignoring the
messages. That system is running 2.0.32.

George Bonser
Just be thankful that Microsoft does not manufacture pharmaceuticals.
http://www.debian.org
Debian/GNU Linux ... the maintainable operating system.
