kernel message : Possible flooding ???

1997-11-20 Thread Dany Dionne 
Hi,
In the file /var/log/kern.log, I have the message like that :

Nov 18 05:08:49 poynting last message repeated 2 times
Nov 18 05:10:50 poynting kernel: Warning: possible SYN flooding. Sending
cookies.
Nov 18 05:10:59 poynting kernel: Warning: possible SYN flooding. Sending
cookies.
Nov 18 05:10:59 poynting kernel: validated probe(3103d184, 5a4ccb84,
33166, 20100, 1878646017)

This message is repeated a lot of time. What is the meaning of this
message? This week, a user (we actively search him) use our server to
attack and crash a other server on the net. Today, our own server crash.
We think that the crash was a strike back. So, the kernel message about a
possible flooding could be related to our hacker war?

Dany Dionne
Physics Department
Laval University
Canada


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to
[EMAIL PROTECTED] . 
Trouble?  e-mail to [EMAIL PROTECTED] .

Re: kernel message : Possible flooding ???

1997-11-20 Thread Rik Johns 
From [EMAIL PROTECTED] Wed Nov 19 19:30:15 1997
Received: (qmail 23137 invoked by uid 38); 20 Nov 1997 03:25:23 -
Resent-Date: 20 Nov 1997 03:25:23 -
Resent-Cc: recipient list not shown: ;
X-Envelope-Sender: [EMAIL PROTECTED]
Received: (qmail 23099 invoked from network); 20 Nov 1997 03:25:20 
-
Received: from phy-einstein.ulaval.ca (HELO einstein.phy.ulaval.ca) 
([EMAIL PROTECTED])
  by 205.229.104.5 with SMTP; 20 Nov 1997 03:25:20 -
Received: from astrosun by einstein.phy.ulaval.ca (SMI-8.6/SMI-SVR4)
   id WAA03432; Wed, 19 Nov 1997 22:29:26 -0500
Received: from cygnus.phy.ulaval.ca by astrosun (SMI-8.6/SMI-SVR4)
   id WAA22474; Wed, 19 Nov 1997 22:29:15 -0500
Received: from localhost by cygnus.phy.ulaval.ca (SMI-8.6) id WAA18923; 
Wed, 19 Nov 1997 22:29:24 -0500
Date: Wed, 19 Nov 1997 22:29:24 -0500 (EST)
From: Dany Dionne [EMAIL PROTECTED]
X-Sender: [EMAIL PROTECTED]
To: debian-user@lists.debian.org
Subject: kernel message : Possible flooding ???
Message-ID: [EMAIL PROTECTED]
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Resent-Message-ID: 6RrRJ.A.JpF.i26c0@debian
Resent-From: debian-user@lists.debian.org
X-Mailing-List: debian-user@lists.debian.org archive/latest/18862
X-Loop: debian-user@lists.debian.org
Precedence: list
Resent-Sender: [EMAIL PROTECTED]

Hi,
In the file /var/log/kern.log, I have the message like that :

Nov 18 05:08:49 poynting last message repeated 2 times
Nov 18 05:10:50 poynting kernel: Warning: possible SYN flooding. 
Sending
cookies.
Nov 18 05:10:59 poynting kernel: Warning: possible SYN flooding. 
Sending
cookies.
Nov 18 05:10:59 poynting kernel: validated probe(3103d184, 5a4ccb84,
33166, 20100, 1878646017)

This message is repeated a lot of time. What is the meaning of this
message? This week, a user (we actively search him) use our server to
attack and crash a other server on the net. Today, our own server 
crash.
We think that the crash was a strike back. So, the kernel message about 
a
possible flooding could be related to our hacker war?

Dany Dionne
Physics Department
Laval University
Canada

Dany, sure looks like a syn-flood attack, take a look in tcpdump and
See if it gave a legit address. BTW: is this on the Irc???..Rik...
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to
[EMAIL PROTECTED] . 
Trouble?  e-mail to [EMAIL PROTECTED] .



__
Get Your Private, Free Email at http://www.hotmail.com


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to
[EMAIL PROTECTED] . 
Trouble?  e-mail to [EMAIL PROTECTED] .