3 Nov
2019
3 Nov
'19
7 p.m.
On 01/11/2019 14:08, Andy Smith wrote:
On Fri, Nov 01, 2019 at 08:09:49AM +0000,
ed-bitfolk(a)s5h.net wrote:
This is appearing on my console:
TCP: request_sock_TCP: Possible SYN flooding on port 25. Sending
cookies. Check SNMP counters.
And SYN cookies are enabled on my server.
Gavin
One of the counter measures (and thing I
didn't suggest during an
interview for an SRE at a large search company) is to enable SYN
cookies, look at drawbacks though. This turns the three-way handshake
into four way, and doesn't steal space from the state table until the
third state of the now four-way handshake.
https://en.wikipedia.org/wiki/SYN_cookies
I do actually use SYN cookies myself
so this may explain why I don't
see this for any of BitFolk's own stuff.
Those of you who are seeing alerts, do you have SYN cookies enabled
and if not, does enabling them stop it happening?