[CentOS] SYD flood dropped on Sendmail (centos 4.x)
John Hinton
webmaster at ew3d.com
Thu Nov 20 20:38:26 UTC 2008
John Hinton wrote:
> Chris Heiner wrote:
>>
>> My guys,
>>
>> My firewall seems to block an attack my Centos / Sendmail boxes on
>> port 110. These servers require a reboot after each attack. My
>> firewall says it’s blocked? Do I need to patch something on sendmail?
>> Or is my firewall not doing its job (Sonicwall)? This is not the
>> first time this has happened.
>>
>> 11/20/2008 02:53:04.864 - SYN flood attack dropped - 75.2.205.141,
>> 48102 - 10.80.80.210, 110
>>
>> 11/20/2008 03:08:04.864 - SYN flood attack dropped - 75.2.205.141,
>> 64955, greatcooks.biz - 10.80.80.220, 110
>>
>> 11/20/2008 03:23:08.864 - SYN flood attack dropped - 75.2.205.141,
>> 43068, greatcooks.biz - 10.80.80.210, 110
>>
>> Any input would be much appreciated.
>>
>> Thanks.
>>
> If these are to bogus email addresses, you might try letting sendmail
> itself throttle the attacks. Look into sendmail's BAD_RCPT_THROTTLE.
> This has done wonders for my systems.
>
> John Hinton
Duh... obviously I can't read. Sorry.
John Hinton
More information about the CentOS
mailing list