Hi.

I have many messages on my box like this: tcpflags 0x10<ACK>; syncache_expand: Segment failed SYNCOOKIE authentication, segment rejected (probably spoofed)

Some connections dropped. But it's legal connections. Looks like something wrong with syncache.

An examples:
20:31:08.464499 IP XXX.YYY.240.5.50393 > XXX.YYY.234.8.8542: Flags [S], seq 4197725771, win 65535, options [mss 1353,nop,wscale 3,sackOK,TS val 3072911437 ecr 0], length 0 20:31:08.464548 IP XXX.YYY.234.8.8542 > XXX.YYY.240.5.50393: Flags [S.], seq 1425159360, ack 4197725772, win 65535, options [mss 1353,nop,wscale 3,sackOK,TS val 2395628971 ecr 3072911437], length 0

Looks good, but:
May 7 20:31:09 cobalt kernel: TCP: [XXX.YYY.240.5]:50393 to [XXX.YYY.234.8]:8542 tcpflags 0x10<ACK>; syncache_expand: Segment failed SYNCOOKIE authentication, segment rejected (probably spoofed)

For 1.5 hours:
% grep SYNCOOKIE /var/log/messages | wc -l
    1727

Any ideas please?

--
Sem.
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"

Reply via email to