I found one of my servers paralyzed this evening with the following
on screen:

Warning:  possible SYN flood from 192.58.197.162 on 206.168.220.51:25.
Sending cookies.
Warning:  possible SYN flood from 198.186.203.51 on 206.168.220.51:25.
Sending cookies.
Warning:  possible SYN flood from 199.175.137.150 on 206.168.220.51:25.
Sending cookies.
Warning:  possible SYN flood from 64.208.135.36 on 206.168.220.51:25.
Sending cookies.
Warning:  possible SYN flood from 210.118.177.3 on 206.168.220.51:25.
Sending cookies.


    The server in question has the IP listed at the end
(206.168.220.51), and I know who most of those other IPs
are...except the last two.

    192.58.197.162 => web.mysql.com
    198.186.203.51 => va.php.net
    199.175.137.150 => horde.org
    64.208.135.36 => sender23.lodo.exactis.com (Unknown)
    210.118.177.3 => Unknown

    Considering they're all on port 25, I'm assuming they were incoming
email messages.  I do receive email from the above mentioned (known)
domains.  But, what caused the SYN flood in the first place?  The only
way to regain the system was a cold reboot.

    AMK4

--
W |
  |  I haven't lost my mind; it's backed up on tape somewhere.
  |____________________________________________________________________
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  Ashley M. Kirchner <mailto:[EMAIL PROTECTED]>   .   303.442.6410 x130
  SysAdmin / Websmith                           .     800.441.3873 x130
  Photo Craft Laboratories, Inc.             .        eFax 248.671.0909
  http://www.pcraft.com                  .         3550 Arapahoe Ave #6
  .................. .  .  .     .               Boulder, CO 80303, USA




_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
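
As an added example (not part of the original post), a short Python triage of the warnings quoted above: it groups them by listening address and port and counts distinct sources, showing whether one host dominates or several senders each appear once. The function names and the 0.5 "dominant" threshold are this example's own assumptions.

```python
import re
from collections import Counter, defaultdict

# The kernel warning as quoted in the post. The mail wrapped "Sending cookies."
# onto its own line, so whitespace is normalised before matching.
IP = r"\d{1,3}(?:\.\d{1,3}){3}"
WARNING = re.compile(rf"possible SYN flood from ({IP}) on ({IP}):(\d+)\.")

# Sample input: the five warnings copied from the post above.
SAMPLE = """\
Warning:  possible SYN flood from 192.58.197.162 on 206.168.220.51:25.
Sending cookies.
Warning:  possible SYN flood from 198.186.203.51 on 206.168.220.51:25.
Sending cookies.
Warning:  possible SYN flood from 199.175.137.150 on 206.168.220.51:25.
Sending cookies.
Warning:  possible SYN flood from 64.208.135.36 on 206.168.220.51:25.
Sending cookies.
Warning:  possible SYN flood from 210.118.177.3 on 206.168.220.51:25.
Sending cookies.
"""

def tally(text):
    """Return {(dst_ip, dst_port): Counter({src_ip: warnings})}."""
    flat = " ".join(text.split())
    listeners = defaultdict(Counter)
    for src, dst, port in WARNING.findall(flat):
        listeners[(dst, int(port))][src] += 1
    return dict(listeners)

def summarise(text, dominant_share=0.5):
    """Per listener: warning count, distinct sources, and the one source (if
    any) behind more than dominant_share (assumed threshold) of the warnings."""
    report = {}
    for listener, sources in tally(text).items():
        total = sum(sources.values())
        top_src, top_hits = sources.most_common(1)[0]
        report[listener] = {
            "warnings": total,
            "distinct_sources": len(sources),
            "dominant_source": top_src if top_hits / total > dominant_share else None,
        }
    return report

if __name__ == "__main__":
    for (dst, port), row in summarise(SAMPLE).items():
        print(f"{dst}:{port}", row)
```

On the lines from the post this reports one listener, 206.168.220.51:25, with five warnings from five distinct sources and no dominant source.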
