lots of connections in SYN_RECV state
Silvan Jegen
me at sillymon.ch
Thu Nov 6 09:30:46 EST 2014
Hi
Am 2014-11-06 14:27, schrieb Puneet Agarwal:
> I have a couple of servers, for the past few days I am seeing lots of
> connections in SYN_RECV state in netstat commands output.
This *could* be the result of a SYN-flood attack on your server.
> Is there a solution to this problem?
The Wikipedia page mentions some countermeasures (if it indeed is an
attack and not a networking stack issue).
http://en.wikipedia.org/wiki/SYN_flood
Maybe you could check from which IP addresses these SYNs come from and
investigate why they do not answer to the SYN-ACK request of your
server.
Cheers,
Silvan
More information about the Kernelnewbies
mailing list