ZioPRoTo (Saverio Proto)
2011-May-25 18:59 UTC
kernel: possible SYN flooding on port 655. Sending cookies.
On a Linux Server running tincd I noticed the following log message in /var/log/messages kernel: possible SYN flooding on port 655. Sending cookies. I found this on the web: If SYN cookies are enabled, then the kernel doesn't track half open connections at all. Instead it knows from the sequence number in the following ACK datagram that the ACK very probably follows a SYN and a SYN-ACK. That way SYN floods are not a problem to it. So I guess there is nothing to worry about, correct ? Saverio
Guus Sliepen
2011-May-25 21:03 UTC
kernel: possible SYN flooding on port 655. Sending cookies.
On Wed, May 25, 2011 at 08:59:43PM +0200, ZioPRoTo (Saverio Proto) wrote:> On a Linux Server running tincd I noticed the following log message in > /var/log/messages > > kernel: possible SYN flooding on port 655. Sending cookies.[...]> So I guess there is nothing to worry about, correct ?No, unless someone is indeed trying to flood port 655, maybe trying to DoS tinc. But the message could be triggered because several nodes tried to connect to that server at the same time. -- Met vriendelijke groet / with kind regards, Guus Sliepen <guus at tinc-vpn.org> -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: Digital signature URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20110525/c415359e/attachment.pgp>