I get complaints about "the servers asking for username and password". I started test@ accounts all many servers to try and track it down. And it happens to all the servers that receive a SYN Flood. I.E. the problem with each server co insides with firewall logs. Its a pattern every few weeks, sometimes a few servers sometimes 2 or 3 but it always matches up with the firewall log. I now have emails sent to me to alert of a port 110 SYD flood so I am aware of the problem before I get a full voicemail box from complaints. Most of the time it's in the middle of the night at 2am to 3am and the problem is resolved by start of business day. So that would rule out heavy usage from my users as the network reports show that it's quiet. We have 10 MB fiber connection and all traffic is logged at many levels.
I have tried restarting POP and SMTP in the past, but rebooting seems to work and if there isnt a fix I will have to continue this as I have many other networking issues to resolve.
I just thought I would throw this problem out to the group and see if anyone has any good ideas.
I have tracked this mail list for years and everyone is extremely knowledgeable.
Thanks for any replies..
-----Original Message----- From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of Kai Schaetzl Sent: Thursday, November 20, 2008 12:53 PM To: centos@centos.org Subject: Re: [CentOS] SYD flood dropped on Sendmail (centos 4.x)
Chris, you still didn't answer *why* you have to reboot them. What exactly is the symptom that makes you think you have to reboot?
I assume now that with "My firewall says it's blocked" you referred to the drops? (Next time say so, as this wording is really ambiguous.)
What would you like to know about my situation? I have 6 servers running
Yeah, so you are not a home user where one could rate-limit the port ;-)
Kai