tis 2006-06-20 klockan 13:30 +0200 skrev Emilio Casbas: > you can need a iptables script and see the 'limit' module in iptables.
Don't do that. It causes more damage than good leaving your system easily vulnerable to DoS by SYN-Flooding. syn cookies alone solves the SYN-flood problem very nicely and efficiently. The log message should be taken more as a hint that you may want to investigate the current network traffic as there maybe is something broken (bad cable or similar) OR someone actually trying to SYN-flood you. But it could also simply be that the server is overloaded. So it's a hint that the traffic may need to be looked into, not a rule or even a strong indication of problem. Regards Henrik
signature.asc
Description: Detta är en digitalt signerad meddelandedel
