George Theall on 14 Feb 2004 03:50:03 -0000



Re: [PLUG] SYN attacks?


On Fri, Feb 13, 2004 at 09:34:50PM -0500, Kevin Brosius wrote:

> I haven't analyzed the incoming traffic, beyond noting the heavy load,
> doing a netstat, and seeing the kernel mention "possible SYN flooding on
> port 80".  What's the best way to check that? 

Looks like you have SYN cookies enabled in your kernel and it's sending
out cookies in response to a high amount of traffic to your web server.

You said you're using iptables to block traffic, right? If you haven't
done so already, add a rule to log traffic from that host, perhaps with
a rate limit.

George
-- 
theall@tifaware.com
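
The check asked about and the rate-limited logging rule suggested in this reply, as an added example that is not part of the original message. The function names, the 5/minute limit, the "SYN80 " log prefix and all addresses are assumptions made for illustration, and the netstat sample is constructed.

```shell
#!/bin/sh
# Added example; addresses, limits and the log prefix are constructed placeholders.

# Count half-open (SYN_RECV) connections to local port 80 per remote IPv4
# address. Reads `netstat -tn` output on stdin, busiest source first.
syn_recv_by_source() {
    awk '$6 == "SYN_RECV" && $4 ~ /:80$/ {
             split($5, peer, ":"); count[peer[1]]++
         }
         END { for (ip in count) print count[ip], ip }' |
    sort -k1,1nr -k2,2
}

# Print (do not run) an iptables command that logs new SYNs to port 80 from
# one host at a capped rate. -I INPUT 1 puts the LOG rule ahead of an existing
# DROP rule for that host; a LOG rule placed after the DROP never matches.
log_rule_for() {
    case "$1" in
        ''|*[!0-9.]*) echo "usage: log_rule_for IPV4_ADDRESS" >&2; return 1 ;;
    esac
    rule="-p tcp --syn --dport 80 -s $1 -m limit --limit 5/minute --limit-burst 10"
    printf '%s\n' "iptables -I INPUT 1 $rule -j LOG --log-prefix \"SYN80 \""
}

# Constructed sample of `netstat -tn` output (documentation address ranges).
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:80           203.0.113.7:4312        SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.7:4313        SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.23:51811     ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.7:4314        SYN_RECV
tcp        0      0 192.0.2.10:22           198.51.100.23:40022     SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.99:1025      SYN_RECV
EOF
}

# On the live box: sysctl net.ipv4.tcp_syncookies   (1 means SYN cookies are on)
#                  netstat -tn | syn_recv_by_source
sample_netstat | syn_recv_by_source
top=$(sample_netstat | syn_recv_by_source | head -n 1)
log_rule_for "${top#* }"
```

A single source dominating the SYN_RECV count points at one misbehaving host, while many sources with one or two entries each suggests spoofed addresses, where per-host logging tells you little.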
