Hello, In the last couple of days, I have got in /var/log/messages of our web server two series of messages that look like: Jan 5 18:06:22 www kernel: NET: 481 messages suppressed. Jan 5 18:06:22 www kernel: dst cache overflow In both cases, these logs stopped after an hour and I never noticed this kind of message before, this server has been up and running for more than 6 months now. While this was happening, the machine was almost unresponsive to network connections. I think that /proc/sys/net/ipv4/route/max_size controls the size of this cache; its current value is 4096. Can I safely change it ? Have you any suggestion for it new value ? The second serie of messages contained also some messages like: Jan 5 18:09:08 www kernel: possible SYN flooding on port 80. Sending cookies. syncookies are activated on this machine and have been effective until now against several SYN flooding attacks. Are these messages a sign of a new kind of DoS attack: SYN flooding from a bunch of faked IP adresses instead of just one that overflow routing table .... or am I too paranoid ? I am running kernel 2.2.14 SMP (coming from RH6.2 distro). Thanks for your help -- Joseph Bueno - : send the line "unsubscribe linux-net" in the body of a message to majordomo@vger.kernel.org
