...
> The warning simply means that connection requests are comming in faster
> than the server can process them.
>
> The syn cookie code keeps no per host state of course, just a
> per-socket-global counter and timestamp (it would make no sense because in
> real syn flood attacks the source addresses are usually forged). So the
> syn cookie code will just report one packet that happened to overflow
> the backlog queue (and that the warning message load limiter let through)
IC.
BTW, one of the other persons on our net winnuked the first IP address that was
assumed to be a SYN flooder. It brought that machine down, but IIRC the SYN
flood warnings didn't stop until I rebooted the server.
Greetings,
Geert
--
Geert Uytterhoeven Geert.Uytterhoeven@cs.kuleuven.ac.be
Wavelets, Linux/{m68k~Amiga,PPC~CHRP} http://www.cs.kuleuven.ac.be/~geert/
Department of Computer Science -- Katholieke Universiteit Leuven -- Belgium
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.altern.org/andrebalsa/doc/lkml-faq.html