What would you like to know about my situation? I have 6 servers running Centos 4.x and every time I get a SYD flood on port 110 the servers require a reboot (all of them). Its been going on for a few months.
I have blocked the first few IP's but now its random, every few weeks.
Its only my Centos boxes as I have others that are not affect by it.
Does the help?
Thanks in advance.
-----Original Message----- From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of Kai Schaetzl Sent: Thursday, November 20, 2008 11:31 AM To: centos@centos.org Subject: Re: [CentOS] SYD flood dropped on Sendmail (centos 4.x)
Chris Heiner wrote on Thu, 20 Nov 2008 08:48:50 -0800:
My firewall seems to block an attack my Centos / Sendmail boxes on port
110.
port 110 is your POP server, probably dovecot.
These servers require a reboot after each attack.
Because of what?
My firewall says it's blocked?
I don't see this statement in your logs. How/where does it say this?
Do I need to patch something on sendmail? Or is my firewall not doing its job (Sonicwall)? This is not the first time this has happened.
SYN floods are not unusual, even if it is not an attack. What or if you want to do something depends on your situation.
Kai