Les,
I have had that issue before with high traffic users and you are correct,
but I think this may be another issue as the its an off hours issue.
Thanks
-----Original Message-----
From: centos-bounces@xxxxxxxxxx [mailto:centos-bounces@xxxxxxxxxx] On Behalf
Of Les Mikesell
Sent: Thursday, November 20, 2008 12:07 PM
To: CentOS mailing list
Subject: Re: SYD flood dropped on Sendmail (centos 4.x)
Kai Schaetzl wrote:
> Chris Heiner wrote on Thu, 20 Nov 2008 08:48:50 -0800:
>
>> My firewall seems to block an attack my Centos / Sendmail boxes on port
110.
>
> port 110 is your POP server, probably dovecot.
>
>> These servers require a reboot after each attack.
>
> Because of what?
>
>> My firewall says it's
>> blocked?
>
> I don't see this statement in your logs. How/where does it say this?
>
>> Do I need to patch something on sendmail? Or is my firewall not
>> doing its job (Sonicwall)? This is not the first time this has happened.
>
> SYN floods are not unusual, even if it is not an attack.
> What or if you want to do something depends on your situation.
If you have a popular server you can get what appear to be syn floods
from broken asymmetrical routing or bad firewall settings that permit
what would ordinarily be a normal number of client connection requests
to reach you but keep your response from getting back. So the clients
sit and retry, hammering you with syn's.
--
Les Mikesell
lesmikesell@xxxxxxxxx
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
----------------------------------------------
Gateway Anti-Spam Anti-Virus Protection by
Network Designs Inc. 949-727-3393
For a complete list of services go to
www.networkdesignsinc.com
----------------------------------------------
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
