[CentOS] SYD flood dropped on Sendmail (centos 4.x)
maillists at conactive.com
Thu Nov 20 23:31:35 UTC 2008
Chris Heiner wrote on Thu, 20 Nov 2008 13:43:44 -0800:
> I get complaints about "the servers asking for username and password".
from your users or what? Of course, they may complain. A big dictionary
attack can take almost all the bandwidth for some time or leave a backlog
of dovecot instances.
Please, as I understand you are a server adminstrator for quite a few
machines, correct? Yet, you are answering in a way as if you just brought
your first server online.
Btw, it's a *SYN* flood, not a SYD flood and that won't change even if you
repeat it again and again.
> started test@ accounts all many servers to try and track it down.
Pardon, you did what?
> I have tried restarting POP and SMTP in the past
You may want to kill all dovecot instances, in case you *are* running
dovecot (if not, then of what you use, but I know that dovecot likes to
hang in this way if hammered). Just restarting it may not kill the backlog
of hanging connections. A "ps ax|grep login" would help to see if
instances are still running.
Restarting SMTP: again, this has nothing to do with SMTP!
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
More information about the CentOS