[tor-relays] SYN flooding on port 80. - how often does this ppear at exits usually ?

ZEROF security at netmajstor.com
Mon Oct 12 17:04:15 UTC 2015


Hi,

Or your server can't eat all traffic or you are under attack time to time.
Check this:

http://blog.dubbelboer.com/2012/04/09/syn-cookies.html

On 12 October 2015 at 16:00, Toralf Förster <toralf.foerster at gmx.de> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Recently I realized  these log messages
>
>
> tor-relay ~ # zgrep SYN /var/log/kern*
> /var/log/kern.log:Oct 11 13:43:47 tor-relay kernel: [132045.057945] TCP:
> request_sock_TCP: Possible SYN flooding on port 80. Sending cookies.  Check
> SNMP counters.
> /var/log/kern.log-20150927.gz:Sep 22 08:05:43 tor-relay kernel:
> [47670.548282] TCP: request_sock_TCP: Possible SYN flooding on port 80.
> Sending cookies.  Check SNMP counters.
> /var/log/kern.log-20151005.gz:Sep 28 11:06:32 tor-relay kernel:
> [576607.272239] TCP: request_sock_TCP: Possible SYN flooding on port 80.
> Sending cookies.  Check SNMP counters.
> /var/log/kern.log-20151005.gz:Oct  2 08:04:21 tor-relay kernel:
> [911078.601891] TCP: request_sock_TCP: Possible SYN flooding on port 80.
> Sending cookies.  Check SNMP counters.
> /var/log/kern.log-20151011.gz:Oct  8 11:35:23 tor-relay kernel:
> [1441827.102566] TCP: request_sock_TCP: Possible SYN flooding on port 80.
> Sending cookies.  Check SNMP counters.
>
>
> and do just wonder how often this is expected to appear in the mean a tor
> server and if there's something special to do in this case ?
>
>
> - --
> Toralf, pgp key: 872AE508 0076E94E
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2
>
> iF4EAREIAAYFAlYbvOYACgkQxOrN3gB26U5VOwD/RNq50pluX2afABKTGmNwPQhH
> qxMGSdL+F1aB1Lf82WEA/j6W9U5QHybtseNlNDKcDmdAG4RlAwDMs6x2Fh4cjErE
> =dHy8
> -----END PGP SIGNATURE-----
> _______________________________________________
> tor-relays mailing list
> tor-relays at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>



-- 
http://www.backbox.org
http://www.pentester.iz.rs
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20151012/89876ff1/attachment.html>


More information about the tor-relays mailing list