I'm running an LDAP server to authenticate users using secure ldap on port 636 -- standard port. The client access the server and I get the following messages on server from the firewall: May 23 04:02:10 myserver kernel: SYN-FLOOD: IN=eth0 OUT= MAC=00:07:e9:ac:2a:22:00:04:c1:55:a7:c2:08:00 SRC=192.168.10.122 DST=192.168.10.2 LEN=60 TOS=0x00 PREC=0x00 TTL=59 ID=31600 DF PROTO=TCP SPT=36082 DPT=636 WINDOW=5840 RES=0x00 SYN URGP=0 I get these quite frequently from each client. My iptables firewall rule is as follows: On the input chain: -A LINWIZ-INPUT -p tcp -m tcp --syn -j SYN-FLOOD On the SYN-FLOOD chain: -A SYN-FLOOD -m limit --limit 1/s --limit-burst 4 -j RETURN -A SYN-FLOOD -j LOG --log-prefix "SYN-FLOOD: " -A SYN-FLOOD -j DROP Are my rules incorrect, or is it truly ldap clients flooding the server? ----- Ryan Golhar Computational Biologist The Informatics Institute at The University of Medicine & Dentistry of NJ Phone: 973-972-5034 Fax: 973-972-7412 Email: golharam@xxxxxxxxx -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
