[CentOS] SYD flood dropped on Sendmail (centos 4.x)

John Hinton webmaster at ew3d.com
Thu Nov 20 20:24:22 UTC 2008


Chris Heiner wrote:
>
> My guys,
>
> My firewall seems to block an attack my Centos / Sendmail boxes on 
> port 110. These servers require a reboot after each attack. My 
> firewall says it’s blocked? Do I need to patch something on sendmail? 
> Or is my firewall not doing its job (Sonicwall)? This is not the first 
> time this has happened.
>
> 11/20/2008 02:53:04.864 - SYN flood attack dropped - 75.2.205.141, 
> 48102 - 10.80.80.210, 110
>
> 11/20/2008 03:08:04.864 - SYN flood attack dropped - 75.2.205.141, 
> 64955, greatcooks.biz - 10.80.80.220, 110
>
> 11/20/2008 03:23:08.864 - SYN flood attack dropped - 75.2.205.141, 
> 43068, greatcooks.biz - 10.80.80.210, 110
>
> Any input would be much appreciated.
>
> Thanks.
>
If these are to bogus email addresses, you might try letting sendmail
itself throttle the attacks. Look into sendmail's BAD_RCPT_THROTTLE.
This has done wonders for my systems.

John Hinton



More information about the CentOS mailing list