[OmniOS-discuss] WARNING: High TCP connect timeout rate! System (port 80) may be under a SYN flood attack!
Bob Friesenhahn
bfriesen at simple.dallas.tx.us
Tue Mar 28 15:50:04 UTC 2017
On Tue, 28 Mar 2017, Dale Ghent wrote:
>
> Likely coincidence. Have you managed to catch one of these in the act and inspected netstat and snoop/tcpdump output?
I have not yet taken it to that level since it does not seem to cause
actual harm. I do have a host in the AT&T network somewhere in NY
city which has been repeatedly trying to do zone transfers from my DNS
server for at least the same duration so it is possible that this is
related activity.
Bob
>
> /dale
>
>> On Mar 28, 2017, at 9:43 AM, Bob Friesenhahn <bfriesen at simple.dallas.tx.us> wrote:
>>
>> Since updating OmniOS to r151020, I have been seeing many "SYN flood attack!" warnings on the system console. I never saw these before.
>>
>> Has something changed in the TCP/IP stack which now produces these warnings or has my server been co-incidentally targeted for SYN flood attacks and was not targeted before?
>>
>> Are other users seeing these warnings?
>>
>> I have 45 such alerts posted since Febrary 27 (in the /var/adm/messages* files).
>>
>> Bob
>> --
>> Bob Friesenhahn
>> bfriesen at simple.dallas.tx.us, http://www.simplesystems.org/users/bfriesen/
>> GraphicsMagick Maintainer, http://www.GraphicsMagick.org/
>> _______________________________________________
>> OmniOS-discuss mailing list
>> OmniOS-discuss at lists.omniti.com
>> http://lists.omniti.com/mailman/listinfo/omnios-discuss
>
>
--
Bob Friesenhahn
bfriesen at simple.dallas.tx.us, http://www.simplesystems.org/users/bfriesen/
GraphicsMagick Maintainer, http://www.GraphicsMagick.org/
More information about the OmniOS-discuss
mailing list