Date: Sun, 25 Jul 1999 01:08:59 -0700 (PDT)
From: Anil Jangity <aj@entic.net>
To: freebsd-questions@freebsd.org
Subject: lots of SYN_RCVDs
Message-ID: <Pine.BSF.4.10.9907250100090.29286-100000@shell.entic.net>

Hi,

I am using 2.2.8 STABLE. I have noticed that if I do

    netstat -n |grep RCVD

I am seeing a LOT of connections that look like this:

    tcp 0 0 209.157.x.y.23 5.217.247.122.50813 SYN_RCVD
    tcp 0 0 209.157.x.y.23 161.123.163.118.44481 SYN_RCVD
    tcp 0 0 209.157.x.y.23 8.227.78.245.42898 <snip> SYN_RCVD
    tcp 0 0 209.157.x.y.23 164.133.250.241.36566
----------------------------------------------------------------

The weird thing is, I try to ping the hosts on the right side and I get NO reply from them. I did a traceroute on at least 5 IPs and nothing wrong on my side. Is it just that they are blocking ICMP? If so, that's a big coincidence that none of those IPs seem to be pingable. (Yes, I am able to ping other known hosts successfully.)

Is this what a SYN flood looks like? If so, is there a patch for 2.2.8 stable for the kernel that limits SYN floods on the CPU? I know there was one that was for 3.X. I don't know who the author was, but it was on bugtraq and freebsd-security.

Also note that it only happens on port 23 and I am positive that all of those are NOT users trying to telnet into me. :)

Thanks.

Kind regards,
Anil Jangity
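
Added example, not part of the original message: a shell function that summarises the `netstat -n | grep RCVD` check described above, counting half-open (SYN_RCVD) connections and distinct remote hosts per local port. Many half-open entries on one port from many distinct, unreachable sources is the usual signature of a SYN flood with spoofed source addresses. The function names, the threshold and the sample addresses (documentation ranges) are assumptions made for this example.

```shell
#!/bin/sh
# Summarise half-open (SYN_RCVD) TCP connections per local port from
# BSD-style `netstat -n` output read on stdin.
# Output, one line per local port:
#   <port> <half_open_count> <distinct_remote_hosts> <SUSPECT|ok>
# The threshold (first argument, default 3) is an assumed tuning value.

syn_rcvd_summary() {
    threshold="${1:-3}"
    awk -v threshold="$threshold" '
        $1 ~ /^tcp/ && $NF == "SYN_RCVD" {
            # BSD netstat prints address.port; the port follows the last dot
            n = split($4, l, "."); port = l[n]
            remote = $5; sub(/\.[0-9]+$/, "", remote)   # strip remote port
            count[port]++
            if (!((port, remote) in seen)) { seen[port, remote] = 1; hosts[port]++ }
        }
        END {
            for (p in count) {
                verdict = (count[p] >= threshold) ? "SUSPECT" : "ok"
                printf "%s %d %d %s\n", p, count[p], hosts[p], verdict
            }
        }' | sort -n
}

# Constructed sample (documentation address ranges), not the poster's data.
sample_netstat() {
    cat <<'EOF'
Active Internet connections
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp        0      0  192.0.2.10.23          198.51.100.7.50813     SYN_RCVD
tcp        0      0  192.0.2.10.23          198.51.100.9.44481     SYN_RCVD
tcp        0      0  192.0.2.10.23          203.0.113.5.42898      SYN_RCVD
tcp        0      0  192.0.2.10.23          203.0.113.5.42899      SYN_RCVD
tcp        0      0  192.0.2.10.22          198.51.100.20.1022     ESTABLISHED
tcp        0      0  192.0.2.10.80          198.51.100.33.3301     SYN_RCVD
EOF
}

# On a live host: netstat -n | syn_rcvd_summary 50
sample_netstat | syn_rcvd_summary 3
```

A sensible threshold depends on the service's normal connection rate and listen queue size, so compare against a baseline taken when the host is healthy.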