Re: SYN Flood Attack

From: Habeebulla Suhail (suhail_at_ALRAJHIBANK.COM.SA)
Date: 07/19/05

    Date:         Tue, 19 Jul 2005 19:24:23 +0300
    To: aix-l@Princeton.EDU
    
    

    This APAR IY70027 didn't help

    Look at the number of connections in SYN_RCVD state

    # netstat -an |grep SYN_RCVD|wc -l
         221

    Anything else that would help us resolve the problem?

    Regards,
    Habeebulla Suhail
    Technical Support Department
    Al Rajhi Banking & Inv Corp
    P O Box 22022
    Riyadh 11495
    Internal Extension : 6490
    Phone: 211-6490
    Fax: 4601711
    mailto:suhail@alrajhibank.com.sa
    Unix is user friendly.
    It's just picky about who it makes friends with!
    And even the best of friends disagree sometime!

    -----Original Message-----
    From: IBM AIX Discussion List [mailto:aix-l@Princeton.EDU] On Behalf Of
    Hans-Dieter Kutz
    Sent: Tuesday, July 19, 2005 5:55 PM
    To: aix-l@Princeton.EDU
    Subject: Re: SYN Flood Attack

    On Tue, Jul 19, 2005 at 05:36:48PM +0300, Habeebulla Suhail wrote:
    > Yes it is affecting our operations.
    > We made some parameter changes like
    > clean_partial_conns=1
    > tcp_keepinit=40
    > But still when I do
    > netstat -an |grep SYN_RCVD |wc -l
    >
    > The value ranges from 1 to 385, once it hits 385, our network guys tell
    > the server is not responding.
    > We tried to apply bos.net.tcp.client 5.2.0.62, it had a worse effect.
    > We have opened a PMR with IBM and are waiting for a response from them.
    >
    > I haven't done any packet filtering before, can you tell me what should
    > I do?
    >
    http://techsupport.services.ibm.com/server/criticalfixes3/criticalfixes.html
    Maybe this helps?
    IY70027

    Cheers,
    ku

    -- 
    Officer:
    	We've analyzed their attack, sir, and there is a danger.
    	Should I have your ship standing by?
    Governor Tarkin:
    	Evacuate? In our moment of triumph? I think you
    	overestimate their chances.
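
An added example, not part of the original thread: the `netstat -an |grep SYN_RCVD|wc -l` check quoted above yields only a total, so this script breaks the same output down by local port and by remote address, showing whether the half-open entries come from repeat sources or from many addresses seen once each. The function names and the sample lines are constructed for illustration; the parser also accepts the Linux `addr:port` layout and its `SYN_RECV` state name.

```shell
#!/bin/sh
# Added example: summarize half-open TCP connections from `netstat -an` output.
# Reads netstat output on stdin, so it also works on a saved capture:
#   netstat -an | synrcvd_summary

synrcvd_summary() {
    awk '
    # The TCP state is the last field; local and remote endpoints precede it.
    $1 ~ /^tcp/ && ($NF == "SYN_RCVD" || $NF == "SYN_RECV") {
        loc = $(NF-2); rem = $(NF-1)
        lport = loc; sub(/^.*[.:]/, "", lport)      # text after the last . or :
        rhost = rem; sub(/[.:][^.:]*$/, "", rhost)  # drop the trailing port
        total++
        if (!(rhost in src)) nsrc++
        src[rhost]++
        port[lport]++
    }
    END {
        printf "total=%d distinct_sources=%d\n", total, nsrc
        # Which listening service is accumulating half-open connections.
        for (p in port) printf "port %s %d\n", p, port[p]
        # Remote addresses holding more than one half-open connection.
        for (h in src) if (src[h] > 1) printf "repeat_source %s %d\n", h, src[h]
    }'
}

# Constructed sample in AIX layout (documentation address ranges, not real data).
sample_netstat() {
    cat <<'EOF'
tcp4       0      0  192.0.2.10.80          198.51.100.7.40112     SYN_RCVD
tcp4       0      0  192.0.2.10.80          198.51.100.7.40113     SYN_RCVD
tcp4       0      0  192.0.2.10.80          203.0.113.25.1029      SYN_RCVD
tcp4       0      0  192.0.2.10.443         203.0.113.99.5555      SYN_RCVD
tcp4       0      0  192.0.2.10.22          192.0.2.50.51000       ESTABLISHED
tcp4       0      0  *.80                   *.*                    LISTEN
EOF
}

# Run on the constructed sample when executed directly.
sample_netstat | synrcvd_summary
```
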
    
