[3709] in linux-net channel archive
TCP denial of service?
daemon@ATHENA.MIT.EDU (Jon Lewis)
Mon Jul 15 23:51:42 1996
Date: Mon, 15 Jul 1996 18:52:05 -0400 (EDT)
From: Jon Lewis <jlewis@inorganic5.fdt.net>
To: Linux Net Mailing List <linux-net@vger.rutgers.edu>

I just had a strange one on our mail/shell server. It runs Linux
2.0.4, sendmail 8.6.12, libc 4.7.6. Uptime was nearly 8 days. All of a
sudden, incoming mail could no longer be accepted. Attempts to telnet to
port 25 would get as far as:

    Trying 205.229.48.17...

and hang.

I looked at netstat -tn, and saw lots of connections to :25 in TIME_WAIT,
and about 10 in SYN_RECV. The ones in SYN_RECV were from another server
of ours on another backbone provider's net...and the routing was out, so
that address was unreachable. When the routing returned, the SYN_RECV's
went away, and sendmail was able to receive connections again. Is it
possible to increase the number of SYN_RECV's that can stack up before
connections start to hang?

------------------------------------------------------------------
Jon Lewis | Mime attachments are OK
jlewis@inorganic5.fdt.net | But please ask before sending
http://inorganic5.fdt.net | unsolicited huge files.
________Finger jlewis@inorganic5.fdt.net for PGP public key_______
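
The check described in the message above (counting SYN_RECV entries per listening port in `netstat -tn` output), written as an added example; it is not part of the original post. The sample rows are constructed with documentation-range addresses, and the threshold of 10 is an assumption taken from the "about 10" in the post, not a documented kernel limit.

```python
from collections import Counter, defaultdict


def build_sample():
    """Constructed `netstat -tn` style output (not data from the post)."""
    rows = ["Active Internet connections (w/o servers)",
            "Proto Recv-Q Send-Q Local Address Foreign Address State"]
    # Ten half-open connections to :25 from one peer that never answers.
    rows += [f"tcp 0 0 192.0.2.17:25 198.51.100.9:{1040 + i} SYN_RECV"
             for i in range(10)]
    rows += [f"tcp 0 0 192.0.2.17:25 203.0.113.{i}:2000 TIME_WAIT"
             for i in range(1, 4)]
    rows += ["tcp 0 0 192.0.2.17:22 203.0.113.50:3000 ESTABLISHED",
             "tcp 0 0 192.0.2.17:110 203.0.113.60:3100 SYN_RECV"]
    return "\n".join(rows)


def parse_netstat(text):
    """Yield (local_port, foreign_ip, state) for each TCP row."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6 or not fields[0].startswith("tcp"):
            continue  # banner, column header, or non-TCP row
        port = fields[3].rsplit(":", 1)[-1]
        if port.isdigit():
            yield int(port), fields[4].rsplit(":", 1)[0], fields[5]


def half_open_report(text, threshold=10):
    """Return ports whose SYN_RECV count is at or above `threshold`.

    `threshold` is an assumed alert level, not the kernel's queue size.
    """
    states = defaultdict(Counter)   # port -> state -> count
    peers = defaultdict(Counter)    # port -> peer ip -> SYN_RECV count
    for port, peer, state in parse_netstat(text):
        states[port][state] += 1
        if state == "SYN_RECV":
            peers[port][peer] += 1
    report = {}
    for port, counts in states.items():
        if counts["SYN_RECV"] >= threshold:
            report[port] = {"syn_recv": counts["SYN_RECV"],
                            "time_wait": counts["TIME_WAIT"],
                            "top_peer": peers[port].most_common(1)[0]}
    return report


if __name__ == "__main__":
    for port, info in half_open_report(build_sample()).items():
        print(f"port {port}: {info}")
```

On a live host the same function can be fed the captured output of `netstat -tn`; a single peer dominating the SYN_RECV count points at an unreachable return path, as in the post.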