On May 24, 2004 07:09 pm, Ryan Golhar wrote:
> I'm running an LDAP server to authenticate users using secure ldap on
> port 636 -- standard port. The client accesses the server and I get the
> following messages on server from the firewall:
>
> May 23 04:02:10 myserver kernel: SYN-FLOOD: IN=eth0 OUT=
> MAC=00:07:e9:ac:2a:22:00:04:c1:55:a7:c2:08:00 SRC=192.168.10.122
> DST=192.168.10.2 LEN=60 TOS=0x00 PREC=0x00 TTL=59 ID=31600 DF PROTO=TCP
> SPT=36082 DPT=636 WINDOW=5840 RES=0x00 SYN URGP=0
>
> I get these quite frequently from each client. My iptables firewall
> rule is as follows:
>
> On the input chain:
> -A LINWIZ-INPUT -p tcp -m tcp --syn -j SYN-FLOOD
>
> On the SYN-FLOOD chain:
> -A SYN-FLOOD -m limit --limit 1/s --limit-burst 4 -j RETURN
> -A SYN-FLOOD -j LOG --log-prefix "SYN-FLOOD: "
> -A SYN-FLOOD -j DROP
>
> Are my rules incorrect, or is it truly ldap clients flooding the server?
>
> -----
> Ryan Golhar
> Computational Biologist
> The Informatics Institute at
> The University of Medicine & Dentistry of NJ
>
> Phone: 973-972-5034
> Fax: 973-972-7412
> Email: golharam@xxxxxxxxx

Hi Ryan,

What other rules are in place? Can you either post your iptables script or
else the output of "iptables -L"?

Are the clients successfully connecting/authenticating?

--
Pete Nesbitt, rhce
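
An added example, not part of either message above: a simplified Python model of how the quoted `-m limit --limit 1/s --limit-burst 4` rule treats incoming SYNs. It assumes the limit match keeps one token bucket per rule, shared by all source addresses; the class and function names are hypothetical and the traffic is constructed.

```python
# Simplified model of the quoted SYN-FLOOD chain (assumption: the limit match
# behaves as one token bucket per rule, shared by every source address).

class LimitMatch:
    COST = 1000  # one packet costs 1000 milli-tokens

    def __init__(self, rate_per_s=1, burst=4):   # --limit 1/s --limit-burst 4
        self.rate = rate_per_s
        self.cap = burst * self.COST
        self.credit = self.cap                   # bucket starts full
        self.last_ms = None

    def matches(self, now_ms):
        if self.last_ms is not None:
            # elapsed ms * tokens/s == milli-tokens earned, capped at the burst
            earned = (now_ms - self.last_ms) * self.rate
            self.credit = min(self.cap, self.credit + earned)
        self.last_ms = now_ms
        if self.credit >= self.COST:
            self.credit -= self.COST
            return True                          # -j RETURN
        return False                             # falls through to LOG, DROP


def run_chain(syn_events, rate_per_s=1, burst=4):
    """syn_events: iterable of (time_ms, src). Returns (returned, dropped)."""
    bucket = LimitMatch(rate_per_s, burst)
    returned, dropped = [], []
    for t, src in sorted(syn_events):
        (returned if bucket.matches(t) else dropped).append((t, src))
    return returned, dropped


def sample_events():
    # Constructed traffic: three clients each open three connections to
    # port 636, 100 ms apart. Only .122 appears in the original log line.
    clients = ["192.168.10.122", "192.168.10.123", "192.168.10.124"]
    return [(i * 300 + j * 100, c) for i, c in enumerate(clients) for j in range(3)]


if __name__ == "__main__":
    ok, bad = run_chain(sample_events())
    print(f"RETURN: {len(ok)}  LOG+DROP: {len(bad)}")
    for t, src in bad:
        print(f"  t={t}ms SYN-FLOOD: SRC={src} DPT=636")
```

In this model the bucket is drained by whichever clients connect first, so later clients are logged and dropped even though no single host sent more than three SYNs.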