Kai Schaetzl wrote:
> Chris Heiner wrote on Thu, 20 Nov 2008 08:48:50 -0800:
>
>> My firewall seems to block an attack my Centos / Sendmail boxes on port 110.
>
> port 110 is your POP server, probably dovecot.
>
>> These servers require a reboot after each attack.
>
> Because of what?
>
>> My firewall says it's
>> blocked?
>
> I don't see this statement in your logs. How/where does it say this?
>
>> Do I need to patch something on sendmail? Or is my firewall not
>> doing its job (Sonicwall)? This is not the first time this has happened.
>
> SYN floods are not unusual, even if it is not an attack.
> What or if you want to do something depends on your situation.
If you have a popular server you can get what appear to be syn floods
from broken asymmetrical routing or bad firewall settings that permit
what would ordinarily be a normal number of client connection requests
to reach you but keep your response from getting back. So the clients
sit and retry, hammering you with syn's.
Highlight