I seem to have a lot of entries in my dmesg log like the following:

    possible SYN flooding on port 80. Sending cookies.

Now using netstat I saw some connections similar to:

    www.obsidian-studios.com:www 66-182-46-206.atgi:2781 SYN_RECV

From time to time a particular IP address will have multiple lines like the one above with multiple connections to each IP site on my server. I have begun denying service to certain IPs that look like they are abusing the server. So far I have denied all access from 6 IP addresses. Although I am not too sure if that is what I should have done or not.

The kernel seems to have tcp_syncookies enabled, which I think is correct, I can turn it off if it will help. But it is one by default, I never turned it on.

Anyway I just want to make sure that I am addressing this situation properly and not blocking people out of the server who are not trying to abuse it. Is this something I need to be concerned with, and what should I do about it?

It seems that after a period of time even IPs that have multiple SYN_RECV connections end up disappearing. I am starting to second guess my decision to block out those IPs.

Any comments or advice? Either is greatly appreciated.

--
Sincerely,
William L. Thomson Jr.
Support Group
Obsidian-Studios Inc.
439 Amber Way
Petaluma, Ca. 94952
Phone 707.766.9509
Fax 707.766.8989
http://www.obsidian-studios.com

_______________________________________________
cobalt-developers mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-developers
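
An added example, not part of the original message: a shell function that counts half-open (SYN_RECV) connections per remote host from netstat output, so a host with many simultaneous entries can be told apart from ordinary clients caught mid-handshake. It assumes `netstat -tn` style numeric output on stdin; the function names, the threshold argument and the sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarize half-open (SYN_RECV) connections per remote host.
# Input: `netstat -tn` style text on stdin (numeric addresses, so host names
# are not truncated or dependent on reverse DNS).

syn_recv_by_peer() {
    # $1 = minimum count to report (hypothetical tuning value, default 1)
    min="${1:-1}"
    awk -v min="$min" '
        # netstat columns: Proto Recv-Q Send-Q Local Foreign State
        $1 ~ /^tcp/ && $6 == "SYN_RECV" {
            peer = $5
            sub(/:[0-9]+$/, "", peer)     # strip the remote port
            count[peer]++
        }
        END {
            for (p in count)
                if (count[p] >= min)
                    printf "%d %s\n", count[p], p
        }
    ' | sort -k1,1nr -k2,2                # highest count first, then by peer
}

# Constructed sample (documentation-range addresses), not real capture data.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:80           198.51.100.7:2781       SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.7:2782       SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.7:2783       SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.5:40112       SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.9:51000       ESTABLISHED
tcp        0      0 192.0.2.10:22           203.0.113.9:51001       ESTABLISHED
EOF
}

# Live use: netstat -tn | syn_recv_by_peer 3
```

Running it a few times some seconds apart shows whether the same peers stay at the top of the list or the entries simply age out.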