Re: [security] Big problem on 2.0.x? (fwd)

Andrea Arcangeli (andrea@suse.de)
Thu, 16 Dec 1999 20:31:57 +0100 (CET)


On Thu, 16 Dec 1999, Dan Yocum wrote:

>about) between the NFS server and the kernel that produces the SYN flood

The SYN flood message said:

131.225.55.9 on 131.225.55.98:635

The NFS server is 131.225.55.98. So it's very very unlikely that the NFS
server generated the SYN flood because:

o the NFS server shouldn't use raw sockets to fill the IP header
from userspace, so at worst the source of the SYN flood should be
131.225.55.98 and not 131.225.55.9

o the NFS server usually shouldn't use TCP so it's not going to
generate TCP-SYN packets anyway

NOTE: the 131.225.55.9 is not reliable. The attack could have come from
anywhere in the world. You can trace it only by tracing the routing by
hand.

>messages. Maybe there's a relation there that's causing the mountd to
>die as well. I'm not intimately acquainted with the details - I just
>see the results.

Ok I understand.

IMHO the source of these problems is outside the kernel.

Andrea
