LinuxQuestions.org


mitter1989 09-10-2013 05:22 AM

kernel: possible SYN flooding on port 110. Sending cookies.
 
Hi there,

Is this normal behavior for CentOS 6.0? My message file keeps showing this error:

kernel: possible SYN flooding on port 110. Sending cookies.



Thanks.
-MITTER

business_kid 09-10-2013 05:31 AM

No, it's not. Port 110 is normally assigned to POP, and unless you have an email server running a POP service, I'd raise an eyebrow at that. Does the port number remain the same? If you don't run POP (= fetch email) on the machine, you can safely block the port in the firewall. But it is weirdness.

mitter1989 09-10-2013 06:29 AM

Thanks,

Yes, POP3 is running on the server. I can't block this port as we have given this service to our customer.

No, the port changes frequently between 25/smtp, 80/http and 110/pop3.


I want to know why this error occurs, and how can I prevent it without blocking this port?


-MITTER

zhjim 09-10-2013 07:23 AM

You could disable syncookies. This would make the error go away. Or edit your syslog config to not show this error.

For some background: syncookies are a way to prevent DoS by opening too many new connections, starving the server of sockets. Say a new connection, which goes by a SYN flag, is delayed but not dropped if the needed SYN-ACK packets do not arrive within a certain time.

Another thing you could do is try to see which IP triggers the syncookie and either rate-limit them or block them with iptables.
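
Added example, not part of zhjim's post or the original thread: one way to see which peers hold half-open connections and which ports the kernel warning names, before deciding on an iptables rule. The sample `ss -tan` output, log lines, host name and addresses are constructed, and the function names are hypothetical.

```shell
# Added example: addresses (RFC 5737 ranges), host name and log lines are constructed.
sample_ss() {   # stands in for: ss -tan
cat <<'EOF'
State     Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN    0      128    0.0.0.0:110         0.0.0.0:*
SYN-RECV  0      0      192.0.2.10:110      198.51.100.7:40112
SYN-RECV  0      0      192.0.2.10:110      198.51.100.7:40113
SYN-RECV  0      0      192.0.2.10:25       198.51.100.7:40114
SYN-RECV  0      0      192.0.2.10:80       203.0.113.5:51000
ESTAB     0      0      192.0.2.10:110      203.0.113.9:52044
EOF
}

sample_log() {  # stands in for: grep 'SYN flooding' /var/log/messages
cat <<'EOF'
Sep 10 05:01:12 mail kernel: possible SYN flooding on port 110. Sending cookies.
Sep 10 05:02:40 mail kernel: possible SYN flooding on port 25. Sending cookies.
Sep 10 05:03:05 mail kernel: possible SYN flooding on port 110. Sending cookies.
Sep 10 05:04:51 mail kernel: possible SYN flooding on port 80. Sending cookies.
EOF
}

# Half-open (SYN-RECV) connections per peer IP, busiest first.
# stdin: `ss -tan` output; stdout: "count peer_ip local_ports".
half_open_by_peer() {
    awk '$1 == "SYN-RECV" {
        peer = $5; sub(/:[0-9]+$/, "", peer)   # drop the peer port
        port = $4; sub(/^.*:/, "", port)       # keep the local port
        n[peer]++
        if (index(" " ports[peer] " ", " " port " ") == 0)
            ports[peer] = ports[peer] (ports[peer] == "" ? "" : " ") port
    }
    END { for (p in n) print n[p], p, ports[p] }' | sort -k1,1nr -k2,2
}

# Peers holding at least $1 half-open connections (candidates to rate-limit).
peers_over() {
    half_open_by_peer | awk -v t="$1" '$1 >= t { print $2 }'
}

# Kernel SYN-flood warnings per port, as "port:count".
warnings_by_port() {
    sed -n 's/.*possible SYN flooding on port \([0-9]*\)\..*/\1/p' |
        sort -n | uniq -c | awk '{ print $2 ":" $1 }'
}

sample_ss  | half_open_by_peer
sample_log | warnings_by_port
```

On a live host, feed the functions `ss -tan` and the messages file instead of the samples. Source addresses in a SYN flood can be forged, so treat a per-IP count as a hint rather than proof before blocking.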

mitter1989 09-10-2013 08:11 AM

Thanks! Zhjim.

