Hi,

We experience from time to time the following errors in production.

in /var/log/messages 

...
Jan 21 13:46:50 sbe12129 kernel: possible SYN flooding on port 80. Sending cookies.
..

at the same time the command : netstat -a -n | grep 'SYN'
gives a lot of SYN_RECV

tcp        0      0 10.49.220.44:80         10.40.133.35:1902       SYN_RECV
tcp        0      0 10.49.220.44:80         10.20.151.33:1681       SYN_RECV
tcp        0      0 10.49.220.44:80         10.40.133.35:1903       SYN_RECV
tcp        0      0 10.49.220.44:80         10.32.182.189:3377      SYN_RECV
tcp        0      0 10.49.220.44:80         10.28.172.33:3043       SYN_RECV
tcp        0      0 10.49.220.44:80         10.12.58.50:2364        SYN_RECV
tcp        0      0 10.49.220.44:80         10.36.33.84:3198        SYN_RECV
tcp        0      0 10.49.220.44:80         10.36.33.84:3199        SYN_RECV
tcp        0      0 10.49.220.44:80         10.36.33.84:3200        SYN_RECV
tcp        0      0 10.49.220.44:80         10.36.30.239:2968       SYN_RECV
tcp        0      0 10.49.220.44:80         10.28.155.26:2813       SYN_RECV
tcp        0      0 10.49.220.44:80         10.12.58.50:2365        SYN_RECV
tcp        0      0 10.49.220.44:80         10.28.155.26:2815       SYN_RECV
tcp        0      0 10.49.220.44:80         138.190.2.106:37181     SYN_RECV
tcp        0      0 10.49.220.44:80         10.32.182.179:2917      SYN_RECV
tcp        0      0 10.49.220.44:80         10.32.182.179:2918      SYN_RECV
tcp        0      0 10.49.220.44:80         10.32.182.179:2918      SYN_RECV
tcp        0      0 10.49.220.44:80         10.20.50.169:3342       SYN_RECV
tcp        0      0 10.49.220.44:80         10.68.72.58:2780        SYN_RECV
tcp        0


The application is Java EJB based and runs on WebSphere Application Server 3.5.5, 
Kernel SuSE 2.2.16.

The workload is pretty heavy: in peak hour it uses 1.5 processors and processes around 20 
http requests per second.
Fortunately, these errors are rare, 2 or 3 in one month, but when they occur 1500 
users are more or less blocked.

We are checking everything in our environment but we haven't found the origin of the 
problem so far. 

Any ideas?

Thanks in advance,
Hervé Bonvin, Swisscom AG
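
Added example, not part of the original message: one way to triage the netstat listing above is to group the half-open (SYN_RECV) entries by remote address, which shows whether the backlog is being filled by a few hosts or by many clients at once. The function names and the sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Summarise half-open connections from `netstat -a -n` output read on stdin.

# Print "count remote_ip" for every source holding SYN_RECV entries,
# highest count first.
syn_recv_by_source() {
    awk '$1 ~ /^tcp/ && $NF == "SYN_RECV" {
             ip = $5
             sub(/:[0-9]+$/, "", ip)      # strip the remote port
             n[ip]++
         }
         END { for (ip in n) print n[ip], ip }' | sort -k1,1nr -k2,2
}

# Print the number of SYN_RECV entries on one local port (default 80).
syn_recv_total() {
    port="${1:-80}"
    awk -v p="$port" '
        $1 ~ /^tcp/ && $NF == "SYN_RECV" && $4 ~ (":" p "$") { c++ }
        END { print c + 0 }'
}

# Constructed sample in the same column layout as the listing in the message.
SAMPLE='tcp        0      0 192.0.2.10:80           198.51.100.7:1902       SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.7:1903       SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.7:1904       SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.5:3377        SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.9:2364        ESTABLISHED
tcp        0      0 192.0.2.10:443          203.0.113.9:2365        SYN_RECV
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN'

echo "half-open on port 80: $(printf '%s\n' "$SAMPLE" | syn_recv_total 80)"
printf '%s\n' "$SAMPLE" | syn_recv_by_source
```

On a live host the same functions take `netstat -a -n` on stdin, for example `netstat -a -n | syn_recv_by_source`.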
