SYN flooding

Shachar Shemesh shachar at shemesh.biz
Wed May 11 21:50:28 IDT 2011


On 11/05/11 21:15, Geoff Shang wrote:
>
>> Are there SYN cookie statistics saying how many SYNs vs. how many 
>> ACKs arrive?
>
> Where would I see this?
>
Somewhere in proc?
>> If not, try to disable SYN cookies, and see whether the number of 
>> connections in SYN_RECV state (netstat -a) is steady or increasing 
>> over the minute or so after disabling cookies. If it is not 
>> increasing, then this is not an attack.
>
> Well I will have to wait until it happens again.  The fact that it 
> only shows up in the log when I have been broadcasting is rather 
> suspicious.
>
I have had egg on my face enough times to be cautious about blaming a 
personal attack on someone. It's not that personal attacks don't happen, 
it's just that the more common case is that it's something relatively 
benign.

Also:
http://blog.shemesh.biz/2004/10/%D7%90%D7%9D-%D7%96%D7%94-%D7%9C%D7%90-%D7%94%D7%99%D7%94-%D7%9B%D7%9C-%D7%9B%D7%9A-%D7%9E%D7%A6%D7%97%D7%99%D7%A7/

Shachar

-- 
Shachar Shemesh
Lingnu Open Source Consulting Ltd.
http://www.lingnu.com
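
Added example, not part of the original message: one way to run the two checks discussed in this thread on Linux. It reads the SYN cookie counters (`SyncookiesSent`, `SyncookiesRecv`, `SyncookiesFailed` in the `TcpExt` rows of `/proc/net/netstat`) and samples the number of SYN_RECV sockets in `/proc/net/tcp` for about a minute. The sample inputs are constructed, and the "increasing" rule is an assumed heuristic.

```python
import time

# Constructed sample inputs (not real captures), in the kernel's /proc formats.
SAMPLE_NETSTAT = """\
TcpExt: SyncookiesSent SyncookiesRecv SyncookiesFailed EmbryonicRsts
TcpExt: 120 4 7 0
IpExt: InNoRoutes InTruncatedPkts
IpExt: 0 0
"""
SAMPLE_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1111
   1: 0100007F:0050 0200007F:C001 03 00000000:00000000 01:00000064 00000000     0        0 0
   2: 0100007F:0050 0200007F:C002 03 00000000:00000000 01:00000064 00000000     0        0 0
   3: 0100007F:0050 0200007F:C003 01 00000000:00000000 00:00000000 00000000     0        0 2222
"""

def parse_tcpext(text):
    """TcpExt counters from /proc/net/netstat: a row of names, then a row of values."""
    rows = [l.split()[1:] for l in text.splitlines() if l.startswith("TcpExt:")]
    return dict(zip(rows[0], map(int, rows[1])))

def count_syn_recv(text):
    """Number of sockets in SYN_RECV (state code 03) in /proc/net/tcp text."""
    rows = (l.split() for l in text.splitlines()[1:])  # skip the header line
    return sum(1 for f in rows if len(f) > 3 and f[3] == "03")

def is_increasing(samples):
    """Assumed heuristic: ends higher than it began and rose on most intervals."""
    rises = sum(b > a for a, b in zip(samples, samples[1:]))
    return samples[-1] > samples[0] and rises > (len(samples) - 1) / 2

def read(path):
    with open(path) as fh:
        return fh.read()

if __name__ == "__main__":
    before = parse_tcpext(read("/proc/net/netstat"))
    samples = []
    for _ in range(12):  # about one minute at 5-second intervals
        # IPv4 only; /proc/net/tcp6 uses the same column layout.
        samples.append(count_syn_recv(read("/proc/net/tcp")))
        time.sleep(5)
    after = parse_tcpext(read("/proc/net/netstat"))
    for name in ("SyncookiesSent", "SyncookiesRecv", "SyncookiesFailed"):
        print(name, after.get(name, 0) - before.get(name, 0))
    print("SYN_RECV samples:", samples, "increasing:", is_increasing(samples))
```

A large `SyncookiesSent` delta with few `SyncookiesRecv` means many SYNs were answered with cookies but few handshakes were completed.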



