On Fri, 12 Nov 1999, Onno wrote: >At 09:37 PM 11/11/99 +0100, Ralf Nyren wrote:
>>In package iplogger there is a daemon, tcplogd, which logs incoming >>tcp-connection attempts to syslog. >> It seems that this daemon forks a child for every connection discovered and >>if for example the machine running tcplogd is syn-flooded there will be a >>lot of tcplogd's forked. >Do you mean that you didn't -compile- it in the kernel??? >(I'm not sure there is an option or not....) >Or that you didn't enable it (root# sysctl -w net/ipv4/tcp_syncookies=1) ??? You don't need to get a synflood, anyway. I suspect that even one or two portscan in a short time will be enough. (I think that that was the problem with our machine, when it ran 20x tcplogd, and there was a 74 load average...) :( Bye: Circum __ @ / \ _ _ Engárd Ferenc l | ( \ / | | (\/) mailto:[EMAIL PROTECTED] \__/ | | \_ \_/ I I http://pons.sote.hu/~s-fery