> Hello, All !
>
> There was recently a following problem :
>
> Kernel stop responding on 25th port, believing all income connections
> are flood. There are a lot "Warning: possible SYN flood from ..." messages.
> All of them came from mail relays, e.g. nic.funet.fi, portcullis.itis.com,
> etc, including our local mail relays. I don't believe this was a real attack.
>
> There are also a lot of "validated probe" messages , but I never could
> reach 25th port telnetting on it. I got "connected" once, but nothing followed.
> In other cases connection failed on timeout.
>
> reboot healed this, of course.
You seem to have the RST_COOKIE code enabled. That code is very experimental
and known to have some bugs. It is better to switch to Syn Cookies when
you want Syn Flood protection and switch both off if you don't need that.
-A.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu