SYN flooding on port 80. - how often does this appear at exits usually?

Recently I realized these log messages

tor-relay ~ # zgrep SYN /var/log/kern*
/var/log/kern.log:Oct 11 13:43:47 tor-relay kernel: [132045.057945] TCP: request_sock_TCP: Possible SYN flooding on port 80. Sending cookies. Check SNMP counters.
/var/log/kern.log-20150927.gz:Sep 22 08:05:43 tor-relay kernel: [47670.548282] TCP: request_sock_TCP: Possible SYN flooding on port 80. Sending cookies. Check SNMP counters.
/var/log/kern.log-20151005.gz:Sep 28 11:06:32 tor-relay kernel: [576607.272239] TCP: request_sock_TCP: Possible SYN flooding on port 80. Sending cookies. Check SNMP counters.
/var/log/kern.log-20151005.gz:Oct 2 08:04:21 tor-relay kernel: [911078.601891] TCP: request_sock_TCP: Possible SYN flooding on port 80. Sending cookies. Check SNMP counters.
/var/log/kern.log-20151011.gz:Oct 8 11:35:23 tor-relay kernel: [1441827.102566] TCP: request_sock_TCP: Possible SYN flooding on port 80. Sending cookies. Check SNMP counters.

and I do just wonder how often this is expected to appear, in the mean, at a Tor server and if there's something special to do in this case?

-- 
Toralf, pgp key: 872AE508 0076E94E

Hi,

Either your server can't eat all the traffic or you are under attack from time to time. Check this: http://blog.dubbelboer.com/2012/04/09/syn-cookies.html

On 12 October 2015 at 16:00, Toralf Förster <toralf.foerster@gmx.de> wrote:
> Recently I realized these log messages
>
> tor-relay ~ # zgrep SYN /var/log/kern*
> /var/log/kern.log:Oct 11 13:43:47 tor-relay kernel: [132045.057945] TCP: request_sock_TCP: Possible SYN flooding on port 80. Sending cookies. Check SNMP counters.
> /var/log/kern.log-20150927.gz:Sep 22 08:05:43 tor-relay kernel: [47670.548282] TCP: request_sock_TCP: Possible SYN flooding on port 80. Sending cookies. Check SNMP counters.
> /var/log/kern.log-20151005.gz:Sep 28 11:06:32 tor-relay kernel: [576607.272239] TCP: request_sock_TCP: Possible SYN flooding on port 80. Sending cookies. Check SNMP counters.
> /var/log/kern.log-20151005.gz:Oct 2 08:04:21 tor-relay kernel: [911078.601891] TCP: request_sock_TCP: Possible SYN flooding on port 80. Sending cookies. Check SNMP counters.
> /var/log/kern.log-20151011.gz:Oct 8 11:35:23 tor-relay kernel: [1441827.102566] TCP: request_sock_TCP: Possible SYN flooding on port 80. Sending cookies. Check SNMP counters.
>
> and I do just wonder how often this is expected to appear, in the mean, at a Tor server and if there's something special to do in this case?
>
> -- 
> Toralf, pgp key: 872AE508 0076E94E

On 10/12/2015 07:04 PM, ZEROF wrote:
> Hi,
>
> Either your server can't eat all the traffic or you are under attack from time to time. Check this:

Ah thx,

So b/c I do just serve a DirPort on port 80 I do assume just a weekly attack attempt. So nothing to worry about.

-- 
Toralf, pgp key: 872AE508 0076E94E
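
The kernel message in this thread ends with "Check SNMP counters". As an added example (not part of any message in the thread), the two shell functions below read the SYN-cookie and listen-queue counters from /proc/net/netstat and count the logged warnings per port. The function names and the optional file argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: follow up on "Possible SYN flooding ... Check SNMP counters".

# Print the TcpExt counters that show SYN-cookie use and listen-queue
# pressure. /proc/net/netstat stores each protocol as two lines, a header
# line of counter names and a line of values, both prefixed "TcpExt:".
# Usage: syn_counters [FILE]   (FILE defaults to /proc/net/netstat)
syn_counters() {
    awk '
        $1 == "TcpExt:" && !have_names {
            # First TcpExt line: remember the counter name of every column.
            for (i = 2; i <= NF; i++) name[i] = $i
            have_names = 1
            next
        }
        $1 == "TcpExt:" {
            # Second TcpExt line: print the values of the counters of interest.
            for (i = 2; i <= NF; i++)
                if (name[i] ~ /^(SyncookiesSent|SyncookiesRecv|SyncookiesFailed|ListenOverflows|ListenDrops|TCPReqQFullDoCookies)$/)
                    print name[i] "=" $i
        }
    ' "${1:-/proc/net/netstat}"
}

# Count the kernel warnings per destination port. Reads log lines on stdin
# and prints "port count" per line, sorted by port. The kernel does not log
# every event, so the counters above are the better measure of volume.
# Usage: zcat -f /var/log/kern* | syn_flood_events
syn_flood_events() {
    awk '
        match($0, /Possible SYN flooding on port [0-9]+/) {
            # The fixed text before the port number is 30 characters long.
            count[substr($0, RSTART + 30, RLENGTH - 30)]++
        }
        END { for (p in count) print p, count[p] }
    ' | sort -n
}
```

Comparing two runs of `syn_counters` a few minutes apart shows whether cookies are still being sent; a rising SyncookiesFailed with little SyncookiesRecv means most of the cookies sent were never answered with a valid ACK.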