Originally Posted by shan_nathan
I am using solaris 9 on sparc hardware. In the server i am running one third party proxy serer application. mine is a big network nearly above 5,000. So the proxy is generally loaded. When i check the /var/adm/messages i am finding the following error
Oct 22 12:03:42 SunSPARC03 tcp: [ID 995438 kern.warning] WARNING: High TCP connect timeout rate! System (port 8007) may be under a SYN flood attack!Oct 22 12:03:42 SunSPARC03 tcp: [ID 995438 kern.warning] WARNING: High TCP connect timeout rate! System (port 8007) may be under a SYN flood attack!
When i get the message the proxy application not function proberly. Is there any way to configure the kernal to address the problem.
Thanks in advance,
If you take the warning at its word, then you should start issuing TCP SYN cookies
. If that mitigates the problem, you'll need to figure-out why you were being flooded in the first place. SYN flooding isn't always caused by an intentional denial-of-service attack, it is sometimes the result of buggy client-side software, or even underlying network problems. EDIT: It could also be that the amount of legitimate traffic you have is too much for your current limits. In that case, this article would be useful to you, as it explains how to raise the relevant limits for Solaris.