fre 2010-06-04 klockan 11:51 +0700 skrev Khemara Lyn: > "Jun 4 11:11:39 cache kernel: possible SYN flooding on port 3128. > Sending cookies."
You get this message when the SYN backlog queue is filled in the TCP kernel. This is mainly connections in SYN_RECV state. It is safe to tune up the limit considerably from the defaults. > Is the system really under SYN flood attack? Probably not. More likely some clients not behaving optimal. But if it is then the SYN cookies helps making the attack pretty much without any noticeable effect. Regards Henrik
