Re: Validating Probe..

Jon Lewis (jlewis@inorganic5.fdt.net)
Fri, 16 May 1997 02:19:11 -0400 (EDT)


On Fri, 16 May 1997, draggy wrote:

> I keep getting these messages in my syslog:
>
> May 16 00:02:50 news kernel: validated probe(84586bcf, 3cabace, 1143, 119, -902237006)
> May 16 00:02:50 news kernel: validated probe(9bcabace, 3cabace, 3682, 119, 23773801)

These are synflood protection at work. Your kernel noticed rapid
connection requests on port 119, and checked to see if you were being syn
flooded by unreachable addresses. Validated probe means it was able to
communicate with the remote end. The "cryptic bits" are remote IP
address, local IP address, remote port #, local port #. I submitted a
patch that prints the addresses in this printk in the more user friendly
"dotted quad" format rather than hex. Hopefully it will make it into
2.0.31....

nudging Eric S. :)

AFAIK, these are quite normal on busy servers doing lots of TCP. I get
lots of them on my news and irc servers:

Warning: possible SYN flooding. Sending cookies.
validated probe(9836e5cd, 1230e5cd, 1317, 119, 1784398911)
validated probe(9836e5cd, 1230e5cd, 1318, 119, 1165649768)
validated probe(9836e5cd, 1230e5cd, 1319, 119, 823739340)

Warning: possible SYN flood from 199.224.69.111. Sending cookies.
validated probe(199.224.69.111:1050, 205.229.48.20:6667, -1195328974)
Warning: possible SYN flood from 207.164.147.92. Sending cookies.
validated probe(207.164.147.92:1175, 205.229.48.20:6667, 1716430278)

------------------------------------------------------------------
Jon Lewis <jlewis@fdt.net> | Unsolicited commercial e-mail will
Network Administrator | be proof-read for $199/hr.
________Finger jlewis@inorganic5.fdt.net for PGP public key_______
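
Added example (not part of the original post or of the patch it mentions): a small decoder that turns both "validated probe" formats shown above into dotted-quad addresses and counts probes per remote address and local port. The byte order in hex_to_quad is an assumption (a network-order address printed as a little-endian integer), chosen because it decodes the post's local addresses into the same 205.229.x.x range the dotted-quad lines show; the function names are hypothetical.

```python
import re
import socket
import struct
from collections import Counter

# Older format: validated probe(raddr_hex, laddr_hex, rport, lport, n)
OLD = re.compile(r"validated probe\(([0-9a-f]{1,8}),\s*([0-9a-f]{1,8}),"
                 r"\s*(\d+),\s*(\d+),\s*(-?\d+)\)")
# Dotted-quad format: validated probe(raddr:rport, laddr:lport, n)
QUAD = r"(\d{1,3}(?:\.\d{1,3}){3})"
NEW = re.compile(r"validated probe\(" + QUAD + r":(\d+),\s*" + QUAD +
                 r":(\d+),\s*(-?\d+)\)")

def hex_to_quad(h):
    # Assumption: network-order address printed as a little-endian integer,
    # so the low byte of the hex value is the first octet.
    return socket.inet_ntoa(struct.pack("<I", int(h, 16)))

def parse_probe(line):
    """Return (remote, rport, local, lport, last) or None if no probe found.
    'last' is the trailing number, which the post does not describe."""
    m = OLD.search(line)
    if m:
        r, l, rp, lp, last = m.groups()
        return hex_to_quad(r), int(rp), hex_to_quad(l), int(lp), int(last)
    m = NEW.search(line)
    if m:
        r, rp, l, lp, last = m.groups()
        return r, int(rp), l, int(lp), int(last)
    return None

def summarize(lines):
    """Count validated probes per (remote address, local port)."""
    hits = Counter()
    for line in lines:
        p = parse_probe(line)
        if p:
            hits[(p[0], p[3])] += 1
    return hits

# Sample lines copied from the post above.
SAMPLE = [
    "Warning: possible SYN flooding. Sending cookies.",
    "validated probe(9836e5cd, 1230e5cd, 1317, 119, 1784398911)",
    "validated probe(9836e5cd, 1230e5cd, 1318, 119, 1165649768)",
    "validated probe(9836e5cd, 1230e5cd, 1319, 119, 823739340)",
    "validated probe(199.224.69.111:1050, 205.229.48.20:6667, -1195328974)",
    "validated probe(207.164.147.92:1175, 205.229.48.20:6667, 1716430278)",
]

if __name__ == "__main__":
    for (remote, lport), n in summarize(SAMPLE).most_common():
        print(f"{remote} -> local port {lport}: {n} validated probe(s)")
```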