Robert Watson wrote:
> On Tue, 10 Jul 2007, Mike Silbersack wrote:
>
>> On Tue, 10 Jul 2007, Eygene Ryabinkin wrote:
>>
>>> Can't say that I am pushing much traffic through my box, but after
>>> applying your patch and rebuilding the kernel I am still seeing the
>>> messages like
>>> -----
>>> TCP: [209.132.176.NNN]:NNN to [144.206.NNN.NNN]:NNN tcpflags 0x19<FIN,PUSH,ACK>; syncache_expand: Segment failed SYNCOOKIE authentication, segment rejected (probably spoofed)
>>> TCP: [201.90.65.NNN]:NNN to [144.206.NNN.NNN]:NNN; syncache_timer: Response timeout
>>> -----
>>> But what had changed is that the lines with the 'syncache_timer'
>>> started to appear. There were no such lines prior to the patch, only
>>> the 'failed SYNCOOKIE' ones.
>>
>> The "syncache_timer: Response timeout" message means that the syncache
>> sent a SYN-ACK response four times, but still didn't receive a
>> response. This probably means that someone tried using a port scanner
>> or was going through a faulty firewall. We'll definitely have to take
>> that log message out before 7.0 is released.
>
> As I mentioned to Andre before he committed the log message support,
> there needs to be an administrative twiddle for it, and pretty much all
> need to either be rate-limited or turned off by default when we get to
> the release. Otherwise they make very easy DoS opportunities, especially
> for systems with serial consoles.

Yes, I'm aware of that and will provide an appropriate patch shortly.

--
Andre

Received on Wed Jul 11 2007 - 21:35:12 UTC
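The two mitigations Robert asks for above, an administrative toggle and per-message rate limiting, as an added illustration that is not part of this thread and not FreeBSD's own syncache code. It is a user-space C model with an injected clock: a fixed one-second window caps how many log lines a given message site may emit, a counter records what was suppressed, and a global flag stands in for the sysctl "twiddle". The names (`log_debug_enabled`, `ratelimit_check`, `tcp_log_event`, `simulate_burst`) and the 203.0.113.0/24 and 192.0.2.0/24 addresses are assumptions made for the example; the burst loop models a flood of unanswered SYN-ACKs arriving in the same second.

```c
#include <stdio.h>
#include <string.h>

/* Stand-in for the administrative toggle (a sysctl in the kernel case). */
static int log_debug_enabled = 1;

struct ratelimit {
    long long window_start;  /* clock second of the current window; -1 = none yet */
    int       count;         /* log lines emitted in this window */
    int       maxpps;        /* cap per second; a negative value means unlimited */
    long long suppressed;    /* lines dropped since the limiter was created */
};

static void ratelimit_init(struct ratelimit *rl, int maxpps)
{
    memset(rl, 0, sizeof(*rl));
    rl->window_start = -1;
    rl->maxpps = maxpps;
}

/* Returns 1 if the caller may emit its log line now, 0 if it must stay quiet.
 * now_sec is injected so the behaviour is deterministic and testable. */
static int ratelimit_check(struct ratelimit *rl, long long now_sec)
{
    if (!log_debug_enabled)       /* toggle off: nothing is logged at all */
        return 0;
    if (rl->maxpps < 0)           /* explicitly unlimited */
        return 1;
    if (now_sec != rl->window_start) {  /* new second: fresh budget */
        rl->window_start = now_sec;
        rl->count = 0;
    }
    if (rl->count < rl->maxpps) {
        rl->count++;
        return 1;
    }
    rl->suppressed++;             /* remembered so a summary can be reported later */
    return 0;
}

/* Formats a line in the shape of the messages quoted in the thread into buf.
 * Returns 1 if the line was produced, 0 if the limiter swallowed it. */
static int tcp_log_event(struct ratelimit *rl, long long now_sec,
                         const char *src, const char *dst, const char *reason,
                         char *buf, size_t buflen)
{
    if (!ratelimit_check(rl, now_sec))
        return 0;
    snprintf(buf, buflen, "TCP: %s to %s; %s", src, dst, reason);
    return 1;
}

/* Simulates n log-worthy events in one clock second (constructed sample
 * endpoints from documentation address space); returns how many lines got out. */
static int simulate_burst(struct ratelimit *rl, long long now_sec, int n)
{
    char line[160];
    int emitted = 0;
    for (int i = 0; i < n; i++)
        emitted += tcp_log_event(rl, now_sec, "[203.0.113.7]:40001",
                                 "[192.0.2.10]:22",
                                 "syncache_timer: Response timeout",
                                 line, sizeof line);
    return emitted;
}

int main(void)
{
    struct ratelimit rl;
    ratelimit_init(&rl, 5);   /* at most five lines per second from this site */
    int got = simulate_burst(&rl, 0, 10000);
    printf("t=0: %d of 10000 logged, %lld suppressed\n", got, rl.suppressed);
    printf("t=1: %d of 10 logged\n", simulate_burst(&rl, 1, 10));
    log_debug_enabled = 0;
    printf("toggle off: %d of 10 logged\n", simulate_burst(&rl, 2, 10));
    return 0;
}
```

With the cap at five, a flood of ten thousand events in one second costs five printf calls rather than ten thousand, which is the difference between a noisy console and an unusable serial console; the suppressed counter lets the site print one "N messages suppressed" summary instead of the messages themselves.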
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:39:14 UTC