- Eric Dahnke <[EMAIL PROTECTED]>:

| And I've got 759 kernel warning possible SYN flood from (always
| unique IPs) on our.mail.server.com since sometime early on the 21st.
| 
| Is this really a DoS attack, and if so how can we stop it?

Sounds like it.  If you can get your hands on the router, or can talk
to someone who can, block access from the offending IP in the router
itself.

Since you have Linux, I believe it is possible to compile support for
SYN cookies into the kernel, which is considered a reasonable defense
against SYN flooding attacks.  Ask on some Linux-related list, unless
you find it in your docs already.

- Harald
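
An added example, not part of the messages above: a shell sketch that counts the "possible SYN flood" kernel warnings and their distinct source addresses, to judge whether per-address blocking at the router is practical, and reports whether SYN cookies are switched on. The log lines are constructed, their format is an assumption modelled on the wording quoted in the question, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample log (documentation address ranges, assumed format).
sample_log() {
cat <<'EOF'
Mar 21 02:14:07 mail kernel: possible SYN flood from 192.0.2.10 on 203.0.113.5:25
Mar 21 02:14:07 mail kernel: possible SYN flood from 198.51.100.77 on 203.0.113.5:25
Mar 21 02:14:08 mail kernel: possible SYN flood from 192.0.2.10 on 203.0.113.5:25
Mar 21 02:14:09 mail sendmail[411]: connect from relay.example.org
Mar 21 02:14:09 mail kernel: possible SYN flood from 198.51.100.3 on 203.0.113.5:25
EOF
}

# Read log lines on stdin; print total warnings and distinct source addresses.
syn_flood_summary() {
    awk '
        /possible SYN flood from/ {
            # The source address is the field right after the word "from".
            for (i = 1; i < NF; i++)
                if ($i == "from") { src = $(i + 1); break }
            total++
            if (!(src in seen)) unique++
            seen[src]++
        }
        END { printf "warnings=%d unique_sources=%d\n", total, unique }
    '
}

# Report the SYN cookie setting. The sysctl file is typically absent when
# the kernel was built without SYN cookie support (CONFIG_SYN_COOKIES).
# An alternate path can be passed as $1.
syncookies_state() {
    f=${1:-/proc/sys/net/ipv4/tcp_syncookies}
    [ -r "$f" ] || { echo unsupported; return 0; }
    case $(cat "$f") in
        0)   echo disabled ;;   # enable: sysctl -w net.ipv4.tcp_syncookies=1
        1|2) echo enabled ;;
        *)   echo unknown ;;
    esac
}

sample_log | syn_flood_summary
echo "syncookies: $(syncookies_state)"
```

On a real host, feed the function the kernel log instead of the sample, for example `grep kernel /var/log/messages | syn_flood_summary` (the log path varies by distribution).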
