[CentOS] SYD flood dropped on Sendmail (centos 4.x)

Thu Nov 20 23:31:35 UTC 2008
Kai Schaetzl <maillists at conactive.com>

Chris Heiner wrote on Thu, 20 Nov 2008 13:43:44 -0800:

> I get complaints about "the servers asking for username and password".

from your users or what? Of course, they may complain. A big dictionary 
attack can take almost all the bandwidth for some time or leave a backlog 
of dovecot instances.
Please, as I understand you are a server adminstrator for quite a few 
machines, correct? Yet, you are answering in a way as if you just brought 
your first server online.

Btw, it's a *SYN* flood, not a SYD flood and that won't change even if you 
repeat it again and again.

I
> started test@ accounts all many servers to try and track it down.

Pardon, you did what?

> I have tried restarting POP and SMTP in the past

You may want to kill all dovecot instances, in case you *are* running 
dovecot (if not, then of what you use, but I know that dovecot likes to 
hang in this way if hammered). Just restarting it may not kill the backlog 
of hanging connections. A "ps ax|grep login" would help to see if 
instances are still running.
Restarting SMTP: again, this has nothing to do with SMTP!

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com