Have you captured flood packet info, such as the source IP or MAC address? Sometimes SYN floods originate from virus-infected computers on your own network; use tcpdump to capture network traffic. Another measure you could take is to set your kernel up to protect your system with SYN cookies. You'll need to set a parameter in the proc file system. The command "echo 1 > /proc/sys/net/ipv4/tcp_syncookies" will set this option for you. In order to set this option at boot time you must edit your /etc/sysctl.conf file; by viewing the file you'll see how kernel options are set. I would suggest that you find the offending host; if it's on your network, shut it down and clean it up.
What is your domain name?
I have a question about flooding. Since the lights on my broadband modem are flickering constantly like a mad fly, and tcpdump captured 3600 packets when idle over a minute and 700 packets within two seconds when I clicked "reply" on this site, is this normal, or do I have a flooding problem as well? This is strange, since I have constantly reinstalled operating systems and changed IPs over and over again. Funny, because a few kilobytes of traffic shouldn't generate so much traffic (and lights!), should it? Or is background traffic busier than I thought (what's the use of it anyway?)?
(Or perhaps one can lock on to physical network adapter addresses?)
It's hard to tell if you are experiencing floods (denial of service). Normally SYN floods attack service ports; in this post the person refers to port 80, the port reserved for the HTTP protocol. What is happening? TCP uses the TCP three-way handshake: SYN > SYN, ACK and ACK. The client sends a SYN request to the server, the server replies with a SYN, ACK and the client returns an ACK. SYN floods (denial of service) are programs which send high rates of SYNs to the victim host, filling the incomplete connection queue for the TCP port (in this case port 80). Also, the source IP address of each SYN is set to a random number (IP spoofing) so the server's SYN, ACK goes nowhere, preventing the server from knowing the real IP address of the program. By filling the incomplete queue with bad SYNs, real client SYNs are not queued, providing a "denial of service" to real clients. Setting the SYN cookies option allows the server to continue operating as normal. There are volumes of books written on this topic; it's way beyond the scope of a thread. There are a lot of computer science students and math professors that publish information on these topics online; use a Google search to get a bigger picture.
Your tcpdump captures and modem lights questions:
If I am connected to eth1 on a firewall computer using ssh and I run tcpdump on that interface ("tcpdump -i eth1"), I will capture thousands of packets in a few seconds. Why? I have an established connection on port 22 and tcpdump will capture all traffic related to this connection. As with your DSL modem, your machine is probably connecting to a server using PPPoA or PPPoE, which is generating network traffic. Public networks always have loads of harmless traffic on them, which tcpdump will capture.
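An added example, not part of the original thread: a raw tcpdump packet count cannot tell a flood from background traffic, but the number of half-open connections per listening port can. The script below counts sockets in state 03 (SYN_RECV) in `/proc/net/tcp`-format data and checks the `tcp_syncookies` setting mentioned above; the function names and the sample table are constructed for illustration.

```shell
#!/bin/sh
# Added example: count half-open (SYN_RECV) connections per local port.
# In /proc/net/tcp the 4th column ("st") is the socket state in hex;
# 03 is SYN_RECV, i.e. the server sent SYN, ACK and is waiting for the ACK.
# /proc/net/tcp covers IPv4 only; IPv6 sockets are in /proc/net/tcp6.

syn_recv_by_port() {
    # Usage: syn_recv_by_port /proc/net/tcp   (or pipe the table on stdin)
    awk '
    function hex2dec(h,    i, n) {          # portable: no gawk strtonum()
        n = 0; h = toupper(h)
        for (i = 1; i <= length(h); i++)
            n = n * 16 + index("0123456789ABCDEF", substr(h, i, 1)) - 1
        return n
    }
    NR > 1 && $4 == "03" {                  # skip header, keep SYN_RECV rows
        split($2, local, ":")               # local_address is HEXIP:HEXPORT
        count[hex2dec(local[2])]++
    }
    END { for (p in count) print p, count[p] }
    ' "$@" | sort -k2,2nr -k1,1n            # busiest port first
}

syncookies_enabled() {
    # 0 = off, 1 = cookies sent when the SYN queue overflows, 2 = always.
    # $1 lets a test point at another file; default is the real sysctl.
    [ "$(cat "${1:-/proc/sys/net/ipv4/tcp_syncookies}")" != "0" ]
}

constructed_sample() {
    # Constructed data (documentation addresses), trailing columns shortened.
    cat <<'EOF'
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt
   0: 0A0200C0:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000
   1: 0A0200C0:0050 056433C6:C001 03 00000000:00000000 01:00000064 00000001
   2: 0A0200C0:0050 066433C6:C002 03 00000000:00000000 01:00000064 00000001
   3: 0A0200C0:0050 076433C6:C003 03 00000000:00000000 01:00000064 00000001
   4: 0A0200C0:0016 086433C6:D431 01 00000000:00000000 02:000A0000 00000000
   5: 0A0200C0:0016 096433C6:D432 03 00000000:00000000 01:00000064 00000000
EOF
}

# Demo on the constructed table: prints "port count" pairs.
constructed_sample | syn_recv_by_port
```

On a live host, run `syn_recv_by_port /proc/net/tcp` a few times: a count on one service port that stays near the backlog limit while the remote addresses keep changing matches the SYN flood pattern described in the reply above.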