With climbing synflood you mean somebody is really flooding (as verified
by tcpdump and seeing lots of 'S' packets with random source addresses) ?
If not, it is possible that it is just normal overload, you get more
connection attempts than your server can process.
If it is a real flood:
SYN floods cannot really be prevented, just their effects can be neutralized.
As long as the system still allows new connections I wouldn't worry too much.
Service is a bit degraded thought, but not too much.
> Is there anything that can be done about this...
If it is just overload you can try to increase the listen queue size
for your software, or tune your server.
Real Synfloods are hard to track down because they usually use random
spoofed source address. Usually they stop rather quickly because the
attacker gets bored soon.
-Andi
-- This is like TV. I don't like TV.- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/