kernel: possible SYN flooding on port 110. Sending cookies.
Hi there,
Is this a normal behavior of CentOS6.0? my message file is keep showing such error. kernel: possible SYN flooding on port 110. Sending cookies. Thanks. -MITTER |
No, it's not. Port 110 is normally assigned to POP and unless you have an Email server running a POP service, I'd raise an eyebrow at that. Does the port number remain the same? If you don't run a POP (= fetch email)on the machine, you can safely block the port in the firewall. But it is weirdness.
|
Thanks,
Yes, Pop3 is running on the server. I can't block this port as we have given this service to our customer. No, Port changed frequently with 25/smtp,80/http and 110/pop3. I want to know why this error comes? and how can I prevent this error without blocking this port? -MITTER |
You could disable syncookies. This would make the error go away. Or edit your syslog config to not show this error.
For some background: syncookies are a way to prevent dos by opening to many new connection straying the server from sockets. Say a new connection with goes by a SYN flag is delayed but not dropped if the nedded syn ack packets does not arrive in a certain time. Nother thing you could do is try to see which ip triggers the syncookie and either rate limit them or block them by iptables. |
Thanks! Zhjim.
|
All times are GMT -5. The time now is 09:20 PM. |