Help answer threads with 0 replies.
Go Back > Forums > Linux Forums > Linux - Newbie
User Name
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!


  Search this Thread
Old 09-10-2013, 06:22 AM   #1
Registered: Sep 2013
Posts: 47

Rep: Reputation: Disabled
Wink kernel: possible SYN flooding on port 110. Sending cookies.

Hi there,

Is this a normal behavior of CentOS6.0? my message file is keep showing such error.

kernel: possible SYN flooding on port 110. Sending cookies.

Old 09-10-2013, 06:31 AM   #2
LQ Guru
Registered: Jan 2006
Location: Ireland
Distribution: Slackware & Android
Posts: 7,579

Rep: Reputation: 698Reputation: 698Reputation: 698Reputation: 698Reputation: 698Reputation: 698
No, it's not. Port 110 is normally assigned to POP and unless you have an Email server running a POP service, I'd raise an eyebrow at that. Does the port number remain the same? If you don't run a POP (= fetch email)on the machine, you can safely block the port in the firewall. But it is weirdness.
Old 09-10-2013, 07:29 AM   #3
Registered: Sep 2013
Posts: 47

Original Poster
Rep: Reputation: Disabled

Yes, Pop3 is running on the server. I can't block this port as we have given this service to our customer.

No, Port changed frequently with 25/smtp,80/http and 110/pop3.

I want to know why this error comes? and how can I prevent this error without blocking this port?

Old 09-10-2013, 08:23 AM   #4
Senior Member
Registered: Oct 2004
Distribution: Debian Squeeze x86_64
Posts: 1,748
Blog Entries: 11

Rep: Reputation: 233Reputation: 233Reputation: 233
You could disable syncookies. This would make the error go away. Or edit your syslog config to not show this error.

For some background: syncookies are a way to prevent dos by opening to many new connection straying the server from sockets. Say a new connection with goes by a SYN flag is delayed but not dropped if the nedded syn ack packets does not arrive in a certain time.

Nother thing you could do is try to see which ip triggers the syncookie and either rate limit them or block them by iptables.
Old 09-10-2013, 09:11 AM   #5
Registered: Sep 2013
Posts: 47

Original Poster
Rep: Reputation: Disabled
Thumbs up

Thanks! Zhjim.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
possible SYN flooding on port 1935. Sending cookies. 007stealth Linux - Security 7 09-07-2013 06:29 PM
SYN Flooding mosthigh Linux - Security 1 10-26-2009 06:46 AM
kernel: possible SYN flooding on port 2790. Sending cookies. zekmaster Linux - Security 10 08-26-2008 04:02 AM
How do I protect myself against TCP SYN flooding? arkaan Linux - Security 8 04-16-2007 08:54 PM
Possible SYN flooding? gbowden Linux - Security 7 02-08-2007 09:16 AM

All times are GMT -5. The time now is 08:17 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration