Re: SYD flood dropped on Sendmail (centos 4.x)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



Chris Heiner wrote:

My guys,

My firewall seems to block an attack my Centos / Sendmail boxes on port 110. These servers require a reboot after each attack. My firewall says it’s blocked? Do I need to patch something on sendmail? Or is my firewall not doing its job (Sonicwall)? This is not the first time this has happened.

11/20/2008 02:53:04.864 - SYN flood attack dropped - 75.2.205.141, 48102 - 10.80.80.210, 110

11/20/2008 03:08:04.864 - SYN flood attack dropped - 75.2.205.141, 64955, greatcooks.biz - 10.80.80.220, 110

11/20/2008 03:23:08.864 - SYN flood attack dropped - 75.2.205.141, 43068, greatcooks.biz - 10.80.80.210, 110

Any input would be much appreciated.

Thanks.

If these are to bogus email addresses, you might try letting sendmail
itself throttle the attacks. Look into sendmail's BAD_RCPT_THROTTLE.
This has done wonders for my systems.

John Hinton

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux