Re: SYN Flood Attack
From: Habeebulla Suhail (suhail_at_ALRAJHIBANK.COM.SA)
Date: Tue, 19 Jul 2005 19:24:23 +0300 To: aix-l@Princeton.EDU
This APAR IY70027 didn't help
Look at the number of connections in SYN_RCVD state
# netstat -an |grep SYN_RCVD|wc -l
Anything else that help us resolve the problem?
Technical Support Department
Al Rajhi Banking & Inv Corp
P O Box 22022
Internal Extension : 6490
Unix is user friendly.
It's just picky about who it makes friends with!
And even the best of friends disagree sometime!
From: IBM AIX Discussion List [mailto:aix-l@Princeton.EDU] On Behalf Of
Sent: Tuesday, July 19, 2005 5:55 PM
Subject: Re: SYN Flood Attack
On Tue, Jul 19, 2005 at 05:36:48PM +0300, Habeebulla Suhail wrote:
> Yes it is affecting our operations.
> We made some parameter changes like
> But still when I do
> Netstat -an |grep SYN_RCVD |wc -l
> The value ranges from 1 to 385, once it hits 385, our network guys
> the server is not responding.
> We tried to apply bos.net.tcp.client 22.214.171.124, it had a worse affect.
> We have opened a pmr with IBM and waiting for a response from them.
> I haven't done any packet filtering before, can you tell me what
> I do?
Maybe this helps?
-- Officer: We've analyzed their attack, sir, and there is a danger. Should I have your ship standing by? Governor Tarkin: Evacuate? In our moment of triumph? I think you overestimate their chances.