Sounds like a SYN Attack... Are all of these connections sourced from the same location? Can you access your router to determine where the traffic is coming from?
On Thu, 2003-12-18 at 01:00, andy drexler wrote: > Bill - > > Thanks for the reply. > > I followed your advice below and it doesn't seem to > have made a difference. > > I did a > > netstat -n -p TCP > > and it shows a couple of hundred active connections, > with 130 or so being the SYN_RECV state. Could this be > some sort of DOS attack? > > Thanks again for your help. > > amd > > > > --- Bill Shupp <[EMAIL PROTECTED]> wrote: > > andy drexler wrote: > > > I searched the mail archive and found out why the > > log > > > file was empty. I added the -v to the smtpd/run > > script > > > and the log is now growing. On the server, there > > are a > > > bunch of running smtpd processes: > > > > > > 21728 ? S 0:00 > > /var/qmail/bin/qmail-smtpd > > > mail2.smartsite.net /home/vpopmail/bin/vchkpw > > > /bin/true > > > > > > there are about 20 of these processes. the > > > var/log/qmail/smtpd/current file loks like: > > > > > > @400000003fe135d52844b54c tcpserver: pid 22727 > > from > > > 66.218.86.99 > > > @400000003fe135d5284a5e84 tcpserver: ok 22727 > > > 0:64.186.170.70:25 :66.218.86.99::41417 > > > @400000003fe135d534ca88b4 tcpserver: end 22727 > > status > > > 0 > > > @400000003fe135d534caafc4 tcpserver: status: 19/20 > > > @400000003fe135d534ccc304 tcpserver: status: 20/20 > > > @400000003fe135d534da4024 tcpserver: pid 22729 > > from > > > 131.202.3.20 > > > @400000003fe135d534de85e4 tcpserver: ok 22729 > > > 0:64.186.170.70:25 :131.202.3.20::33911 > > > > > > a small number of messages to seem to be getting > > out, > > > but basically none of my users can send. > > > > Looks like your concurrency is maxed. Try > > increasing your > > /var/qmail/control/concurrencyincoming to 50 and > > restart qmail-smtpd. > > > > Regards, > > > > Bill > > > > __________________________________ > Do you Yahoo!? > New Yahoo! Photos - easier uploading and sharing. > http://photos.yahoo.com/ -- --------------------------- Jason 'XenoPhage' Frisvold Engine / Technology Programmer [EMAIL PROTECTED] RedHat Certified - RHCE # 807302349405893 MySQL Core Certified - ID# 205982910 --------------------------- "Something mysterious is formed, born in the silent void. Waiting alone and unmoving, it is at once still and yet in constant motion. It is the source of all programs. I do not know its name, so I will call it the Tao of Programming."
signature.asc
Description: This is a digitally signed message part
