11/20/2008 02:53:04.864 - SYN flood attack dropped -
75.2.205.141, 48102 - 10.80.80.210, 110
11/20/2008 03:08:04.864 - SYN flood attack dropped -
75.2.205.141, 64955, greatcooks.biz - 10.80.80.220, 110
11/20/2008 03:23:08.864 - SYN flood attack dropped -
75.2.205.141, 43068, greatcooks.biz - 10.80.80.210, 110
These are the statements from my Firewall saying that it was dropped.
-----Original Message-----
From: centos-bounces@xxxxxxxxxx [mailto:centos-bounces@xxxxxxxxxx] On Behalf
Of Kai Schaetzl
Sent: Thursday, November 20, 2008 11:31 AM
To: centos@xxxxxxxxxx
Subject: Re: SYD flood dropped on Sendmail (centos 4.x)
Chris Heiner wrote on Thu, 20 Nov 2008 08:48:50 -0800:
> My firewall seems to block an attack my Centos / Sendmail boxes on port
110.
port 110 is your POP server, probably dovecot.
> These servers require a reboot after each attack.
Because of what?
> My firewall says it's
> blocked?
I don't see this statement in your logs. How/where does it say this?
> Do I need to patch something on sendmail? Or is my firewall not
> doing its job (Sonicwall)? This is not the first time this has happened.
SYN floods are not unusual, even if it is not an attack.
What or if you want to do something depends on your situation.
Kai
--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
----------------------------------------------
Gateway Anti-Spam Anti-Virus Protection by
Network Designs Inc. 949-727-3393
For a complete list of services go to
www.networkdesignsinc.com
----------------------------------------------
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
