On 11/05/11 21:15, Geoff Shang wrote:
Is there syn cookies statistics saying how many SYNs vs. how many
ACKs arrive?
Where would I see this?
Somewhere in proc?
If not, try to disable SYN cookies, and see whether the number of
connections in SYN_RECV state (nestat -a) is steady of increasing
over the minute or so after disabling cookies. If it is not
increasing, then this is not an attack.
Well I will have to wait until it happens again. The fact that it
only shows up in the log when I have been broadcasting is rather
suspicious.
I have had egg on my face enough times to be cautious about blaming a
personal attack on someone. It's not that personal attacks don't happen,
it's just that the more common case is that it's something relatively
benign.
Also:
http://blog.shemesh.biz/2004/10/%D7%90%D7%9D-%D7%96%D7%94-%D7%9C%D7%90-%D7%94%D7%99%D7%94-%D7%9B%D7%9C-%D7%9B%D7%9A-%D7%9E%D7%A6%D7%97%D7%99%D7%A7/
Shachar
--
Shachar Shemesh
Lingnu Open Source Consulting Ltd.
http://www.lingnu.com
_______________________________________________
Linux-il mailing list
[email protected]
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
