Re: understanding SYN flooding detection

Wed, 19 Mar 1997 20:52:34 +0000 (GMT)

> Mar 17 00:49:20 dns kernel: Warning: possible SYN flooding. Sending cookies.
> Mar 17 00:49:21 dns last message repeated 67 times

We ought toi control the rate of the log message

> Well 3c81e0c2 is my IP dirrection, and dc2ace82 I assume is the sender
> (attacker?). Why are the addresses in hex rather than dot decimal?

Easier to print,.

> My interpretation is that somebody has flooded the irc port to kill the
> server, am I right? What are the chances that this is not an attack, but
> just "one of those things?"

I've seen mac and dos Irc clients go bananas and do that. Since its easy
to fake your source address and they dont seem to have it may have been
an exploding computer rather than an attack