lots of connections in SYN_RECV state
Dave Tian
dave.jing.tian at gmail.com
Fri Nov 7 10:49:35 EST 2014
Latest kernel provides a TCP SYN Cookie feature to defense from SYN flooding.
-daveti
> On Nov 6, 2014, at 11:58 PM, Silvan Jegen <me at sillymon.ch> wrote:
>
> 2014-11-06 16:15,Puneet Agarwal:
>> Is there a way to check the reason, why they do not answer to the
>> SYN-ACK's?
>
> I don't think so. After all, they just don't answer and they won't tell
> you why (AFAIK there is no way to ask them why either)...
>
> You could try to check for patterns in the incoming IP addresses to see
> from how many different places these connections are being made. I think
> that way it should be possible to figure out from which geographic
> location these problematic connections are coming from as well. What you
> would do with these findings I am not sure though.
>
> If these connection negatively impact the performance of your servers
> you should definitely look into to countermeasures mentioned in the RFC
> here.
>
> http://tools.ietf.org/html/rfc4987
>
>
> _______________________________________________
> Kernelnewbies mailing list
> Kernelnewbies at kernelnewbies.org
> http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
More information about the Kernelnewbies
mailing list