-----Original Message----- From: Kai-H. Weutzing [mailto:suse@exozet.com] Sent: Sunday, January 20, 2002 3:43 PM
Hi,
my webserver reports sometimes a
Jan 20 14:02:11 xxxxxxxx kernel: possible SYN flooding on port 80. Sending cookies. Jan 20 14:02:11 xxxxxxxx kernel: klogd 1.3-3, ---------- state change ---------- Jan 20 14:02:11 xxxxxxxx kernel: Inspecting /boot/System.map-2.2.18 Jan 20 14:02:11 xxxxxxxx kernel: Loaded 10080 symbols from /boot/System.map-2.2.18. Jan 20 14:02:11 xxxxxxxx kernel: Symbols match kernel version 2.2.18. Jan 20 14:02:11 xxxxxxxx kernel: Loaded 258 symbols from 2 modules.
So I think its no attack than a high traffic on my webserver. So what can I do? Is it possible to disable the SYN flood protection for port 80 (I didn't like to it) or can I modify the detection parameters of this protection routine? (I didn't like to read the kernel sources and re-compile it :-)
It normally gets enabled by your firewall script by: echo 1 > /proc/sys/net/ipv4/tcp_syncookies you can disable it by doing a: echo 0 > /proc/sys/net/ipv4/tcp_syncookies on the commandline or by commenting out or changing it in your firewall script. GertJan