>From [EMAIL PROTECTED] Wed Nov 19 19:30:15 1997 >Received: (qmail 23137 invoked by uid 38); 20 Nov 1997 03:25:23 -0000 >Resent-Date: 20 Nov 1997 03:25:23 -0000 >Resent-Cc: recipient list not shown: ; >X-Envelope-Sender: [EMAIL PROTECTED] >Received: (qmail 23099 invoked from network); 20 Nov 1997 03:25:20 -0000 >Received: from phy-einstein.ulaval.ca (HELO einstein.phy.ulaval.ca) ([EMAIL PROTECTED]) > by 205.229.104.5 with SMTP; 20 Nov 1997 03:25:20 -0000 >Received: from astrosun by einstein.phy.ulaval.ca (SMI-8.6/SMI-SVR4) > id WAA03432; Wed, 19 Nov 1997 22:29:26 -0500 >Received: from cygnus.phy.ulaval.ca by astrosun (SMI-8.6/SMI-SVR4) > id WAA22474; Wed, 19 Nov 1997 22:29:15 -0500 >Received: from localhost by cygnus.phy.ulaval.ca (SMI-8.6) id WAA18923; Wed, 19 Nov 1997 22:29:24 -0500 >Date: Wed, 19 Nov 1997 22:29:24 -0500 (EST) >From: Dany Dionne <[EMAIL PROTECTED]> >X-Sender: [EMAIL PROTECTED] >To: debian-user@lists.debian.org >Subject: kernel message : Possible flooding ??? >Message-ID: <[EMAIL PROTECTED]> >MIME-Version: 1.0 >Content-Type: TEXT/PLAIN; charset=US-ASCII >Resent-Message-ID: <"6RrRJ.A.JpF.i26c0"@debian> >Resent-From: debian-user@lists.debian.org >X-Mailing-List: <debian-user@lists.debian.org> archive/latest/18862 >X-Loop: debian-user@lists.debian.org >Precedence: list >Resent-Sender: [EMAIL PROTECTED] > >Hi, >In the file /var/log/kern.log, I have the message like that : > >Nov 18 05:08:49 poynting last message repeated 2 times >Nov 18 05:10:50 poynting kernel: Warning: possible SYN flooding. Sending >cookies. >Nov 18 05:10:59 poynting kernel: Warning: possible SYN flooding. Sending >cookies. >Nov 18 05:10:59 poynting kernel: validated probe(3103d184, 5a4ccb84, >33166, 20100, 1878646017) > >This message is repeated a lot of time. What is the meaning of this >message? This week, a user (we actively search him) use our server to >attack and crash a other server on the net. Today, our own server crash. >We think that the crash was a strike back. So, the kernel message about a >possible flooding could be related to our hacker war? > >Dany Dionne >Physics Department >Laval University >Canada > Dany, sure looks like a syn-flood attack, take a look in tcpdump and See if it gave a legit address. BTW: is this on the Irc???..Rik... >TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to >[EMAIL PROTECTED] . >Trouble? e-mail to [EMAIL PROTECTED] . > >
______________________________________________________ Get Your Private, Free Email at http://www.hotmail.com -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .