Re: [squid-users] possible SYN flooding on port 3128. Sending cookies

From: Henrik Nordström <henrik_at_henriknordstrom.net>
Date: Fri, 04 Jun 2010 18:15:27 +0200

fre 2010-06-04 klockan 11:51 +0700 skrev Khemara Lyn:

> "Jun 4 11:11:39 cache kernel: possible SYN flooding on port 3128.
> Sending cookies."

You get this message when the SYN backlog queue is filled in the TCP
kernel. This is mainly connections in SYN_RECV state. It is safe to
tune up the limit considerably from the defaults.

> Is the system really under SYN flood attack?

Probably not. More likely some clients not behaving optimal. But if it
is then the SYN cookies helps making the attack pretty much without any
noticeable effect.

Regards
Henrik
Received on Fri Jun 04 2010 - 16:15:31 MDT

This archive was generated by hypermail 2.2.0 : Sat Jun 05 2010 - 12:00:04 MDT