21 Feb
2021
21 Feb
'21
5:10 p.m.
On 2/21/21 12:37 PM, niftybunny wrote:
If I get say 20000 connections from a single IP it would be blocked with iptables.
Even much less looks unusal
With this command
watch -d -x bash -c 'ss --all --numeric --processes state syn-recv | sort -k 5 -n'
I do see a handful of addresses - and at least one (rather new) Tor relay is among them - which makes one SYN-RECV after the other w/o finishing the handshake.
-- Toralf