syn flood attacked?

2002-05-17 Thread Patrick Hsieh
Hello list, I have a heavy smtp server and recently I got a lot messages like May 17 22:53:24 ms2 kernel: possible SYN flooding on port 25. Sending cookies. May 17 22:54:25 ms2 kernel: possible SYN flooding on port 25. Sending cookies. May 17 22:55:25 ms2 kernel: possible SYN flooding on port 25

gdm and pam_group problem

2002-05-17 Thread Mike Renfro
Haven't found a solution in any searches I've done thus far, so here's my problem: Given: - 1 workstation running gdm 2.2.5.5-2 (and pam 0.72-35), offering XDMCP access to selected other X Terminals, and also allowing gdm logins on the local console. - 1 remote X Terminal (soon to be severa

Re: syn flood attacked?

2002-05-17 Thread Michal Melewski
On Fri, May 17, 2002 at 11:44:16PM +0800, Patrick Hsieh wrote: > Hello list, > > I have a heavy smtp server and recently I got a lot messages like > > May 17 22:53:24 ms2 kernel: possible SYN flooding on port 25. Sending cookies. > May 17 22:54:25 ms2 kernel: possible SYN flooding on port 25. Se

Re: syn flood attacked?

2002-05-17 Thread Eric LeBlanc
On Fri, 17 May 2002, Michal Melewski wrote: > > May 17 23:03:11 ms2 kernel: possible SYN flooding on port 25. Sending cookies. > > Am I being syn flood attacked? How can I get rid of this? > Hello > In this case you are probably a target of a SYN Flood atack. > What you have to do is to compil

Re: syn flood attacked?

2002-05-17 Thread Greg Hunt
echo 1 > /proc/sys/net/ipv4/tcp_syncookies to turn on syn cookie support once it's compiled into the kernel. > In this case you are probably a target of a SYN Flood atack. > What you have to do is to compile your kernel with option with > protect_against_synflood (or something like this, but for

Re: syn flood attacked?

2002-05-17 Thread Juergen Fiedler
On Fri, May 17, 2002 at 12:46:46PM -0700, Greg Hunt wrote: > echo 1 > /proc/sys/net/ipv4/tcp_syncookies > to turn on syn cookie support once it's compiled into the kernel. IIRC, you can also (at least in Debian) add the line 'syncookies=yes' to /etc/network/options. --j msg06772/pgp0.pgp

Re: syn flood attacked?

2002-05-17 Thread JonesMB
>IIRC, you can also (at least in Debian) add the line 'syncookies=yes' to >/etc/network/options. after making this change, what service must I restart to make the change take effect? thanks jmb -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact

Re: syn flood attacked?

2002-05-17 Thread Noah L. Meyerhans
On Fri, May 17, 2002 at 04:38:24PM -0500, JonesMB wrote: > >IIRC, you can also (at least in Debian) add the line 'syncookies=yes' to > >/etc/network/options. > > after making this change, what service must I restart to make the change > take effect? None, the changes are in kernel space. Just

Re: syn flood attacked?

2002-05-17 Thread Mark Lanett
/etc/init.d/networking takes care of it but the option is set by default to "no" in /etc/network/options ~mark - Original Message - From: "Greg Hunt" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, May 17, 2002 12:46 PM Subject: Re: syn flood attacked? > echo 1 > /proc/sys/ne

Re: syn flood attacked?

2002-05-17 Thread Patrick Hsieh
Hello "Mark Lanett" <[EMAIL PROTECTED]>, Any other options available in /etc/network/options? And, is it possible to restrict the max. number of cuncurrent SYN_RECV packet in the system or max. burst number in a limited time? Any examples? On Fri, 17 May 2002 14:55:05 -0700 "Mark Lanett" <[EMA

Re: syn flood attacked?

2002-05-17 Thread Peter Cordes
On Sat, May 18, 2002 at 08:48:21AM +0800, Patrick Hsieh wrote: > Hello "Mark Lanett" <[EMAIL PROTECTED]>, > > Any other options available in /etc/network/options? > > And, is it possible to restrict the max. number of cuncurrent SYN_RECV > packet in the system or max. burst number in a limited

syn flood attacked?

2002-05-17 Thread Patrick Hsieh
Hello list, I have a heavy smtp server and recently I got a lot messages like May 17 22:53:24 ms2 kernel: possible SYN flooding on port 25. Sending cookies. May 17 22:54:25 ms2 kernel: possible SYN flooding on port 25. Sending cookies. May 17 22:55:25 ms2 kernel: possible SYN flooding on port 25.

gdm and pam_group problem

2002-05-17 Thread Mike Renfro
Haven't found a solution in any searches I've done thus far, so here's my problem: Given: - 1 workstation running gdm 2.2.5.5-2 (and pam 0.72-35), offering XDMCP access to selected other X Terminals, and also allowing gdm logins on the local console. - 1 remote X Terminal (soon to be several

Re: syn flood attacked?

2002-05-17 Thread Michal Melewski
On Fri, May 17, 2002 at 11:44:16PM +0800, Patrick Hsieh wrote: > Hello list, > > I have a heavy smtp server and recently I got a lot messages like > > May 17 22:53:24 ms2 kernel: possible SYN flooding on port 25. Sending cookies. > May 17 22:54:25 ms2 kernel: possible SYN flooding on port 25. Sen

Re: syn flood attacked?

2002-05-17 Thread Eric LeBlanc
On Fri, 17 May 2002, Michal Melewski wrote: > > May 17 23:03:11 ms2 kernel: possible SYN flooding on port 25. Sending > > cookies. > > Am I being syn flood attacked? How can I get rid of this? > Hello > In this case you are probably a target of a SYN Flood atack. > What you have to do is to co

Re: syn flood attacked?

2002-05-17 Thread Greg Hunt
echo 1 > /proc/sys/net/ipv4/tcp_syncookies to turn on syn cookie support once it's compiled into the kernel. > In this case you are probably a target of a SYN Flood atack. > What you have to do is to compile your kernel with option with > protect_against_synflood (or something like this, but for s

Re: syn flood attacked?

2002-05-17 Thread Juergen Fiedler
On Fri, May 17, 2002 at 12:46:46PM -0700, Greg Hunt wrote: > echo 1 > /proc/sys/net/ipv4/tcp_syncookies > to turn on syn cookie support once it's compiled into the kernel. IIRC, you can also (at least in Debian) add the line 'syncookies=yes' to /etc/network/options. --j pgpcW1NoQnnCM.pgp Descri

Re: syn flood attacked?

2002-05-17 Thread JonesMB
IIRC, you can also (at least in Debian) add the line 'syncookies=yes' to /etc/network/options. after making this change, what service must I restart to make the change take effect? thanks jmb -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [

Re: syn flood attacked?

2002-05-17 Thread Noah L. Meyerhans
On Fri, May 17, 2002 at 04:38:24PM -0500, JonesMB wrote: > >IIRC, you can also (at least in Debian) add the line 'syncookies=yes' to > >/etc/network/options. > > after making this change, what service must I restart to make the change > take effect? None, the changes are in kernel space. Just

Re: syn flood attacked?

2002-05-17 Thread Mark Lanett
/etc/init.d/networking takes care of it but the option is set by default to "no" in /etc/network/options ~mark - Original Message - From: "Greg Hunt" <[EMAIL PROTECTED]> To: Sent: Friday, May 17, 2002 12:46 PM Subject: Re: syn flood attacked? > echo 1 > /proc/sys/net/ipv4/tcp_syncookie

Re: syn flood attacked?

2002-05-17 Thread Patrick Hsieh
Hello "Mark Lanett" <[EMAIL PROTECTED]>, Any other options available in /etc/network/options? And, is it possible to restrict the max. number of cuncurrent SYN_RECV packet in the system or max. burst number in a limited time? Any examples? On Fri, 17 May 2002 14:55:05 -0700 "Mark Lanett" <[EMAI

Re: syn flood attacked?

2002-05-17 Thread Peter Cordes
On Sat, May 18, 2002 at 08:48:21AM +0800, Patrick Hsieh wrote: > Hello "Mark Lanett" <[EMAIL PROTECTED]>, > > Any other options available in /etc/network/options? > > And, is it possible to restrict the max. number of cuncurrent SYN_RECV > packet in the system or max. burst number in a limited t