Chris Heiner wrote:
My guys,
My firewall seems to block an attack my Centos / Sendmail boxes on
port 110. These servers require a reboot after each attack. My
firewall says it’s blocked? Do I need to patch something on sendmail?
Or is my firewall not doing its job (Sonicwall)? This is not the first
time this has happened.
11/20/2008 02:53:04.864 - SYN flood attack dropped - 75.2.205.141,
48102 - 10.80.80.210, 110
11/20/2008 03:08:04.864 - SYN flood attack dropped - 75.2.205.141,
64955, greatcooks.biz - 10.80.80.220, 110
11/20/2008 03:23:08.864 - SYN flood attack dropped - 75.2.205.141,
43068, greatcooks.biz - 10.80.80.210, 110
Any input would be much appreciated.
Thanks.
If these are to bogus email addresses, you might try letting sendmail
itself throttle the attacks. Look into sendmail's BAD_RCPT_THROTTLE.
This has done wonders for my systems.
John Hinton
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos