Re: SOLVED AGAIN HELP: NOT SOLVED ! ! looks like a SYN attack
On Mon, Feb 22, 1999 at 01:59:30PM -0300, Eric Dahnke wrote: That solved it. We're running Linux kernel 3.0.26, and I'm sure it is protected from SYN attacks. While were on the subject, does tcpserver have capabilities of dealing effectively with SYN attacks? Thanks, John -- John Conover, 631 Lamont Ct., Campbell, CA., 95008, USA. VOX 408.370.2688, FAX 408.379.9602 [EMAIL PROTECTED], http://www2.inow.com/~conover/john.html
Re: SOLVED AGAIN HELP: NOT SOLVED ! ! looks like a SYN attack
From: Russell Nelson [EMAIL PROTECTED] :John Conover writes: : While were on the subject, does tcpserver have capabilities of dealing : effectively with SYN attacks? : :It's the kernel which is being attacked in a SYN attack. Therefore, :Dan's syncookies fix must be implemented in every kernel of interest. :http://pobox.com/~djb/proto/syncookies.html The Linux kernel has syn cookies, but they are not enabled by default in 2.2. It's a config option. --Adam
SOLVED AGAIN HELP: NOT SOLVED ! ! looks like a SYN attack
Thanks Dave, That solved it. We're running Linux kernel 3.0.26, and I'm sure it is protected from SYN attacks. Here is a summary of what happened. - port 25 was not responding because /var was full. - I removed most of the old logs and rebooted. - port 25 came back, but only for a few minutes. - noticed the possible SYN flood in log/messages - deleted the current messages and maillog logs as Dave suggested below and teh SYN messages (and presumably the attacks? - for some reason port 25 was full up) stopped and port 25 came back. thanks to those who responded. - eric Dave Hansen escribió: Hello Eric, Have you removed the log files from /var/log/ ? Most importantly the maillog. Then reboot. Sounds like a problem I had once caused lots of Zombie processes and once I removed the maillog and rebooted it was fine. Also what flavor of linux are you using? Thanks, Dave