SYN-FLOOD to LDAPS port from clients

Ryan Golhar ryangolhar at verizon.net
Tue May 25 02:09:42 UTC 2004


I'm running an LDAP server to authenticate users using secure ldap on
port 636 -- standard port.  The clients access the server and I get the
following messages on the server from the firewall:

May 23 04:02:10 myserver kernel: SYN-FLOOD: IN=eth0 OUT=
MAC=00:07:e9:ac:2a:22:00:04:c1:55:a7:c2:08:00 SRC=192.168.10.122
DST=192.168.10.2 LEN=60 TOS=0x00 PREC=0x00 TTL=59 ID=31600 DF PROTO=TCP
SPT=36082 DPT=636 WINDOW=5840 RES=0x00 SYN URGP=0

I get these quite frequently from each client.  My iptables firewall
rule is as follows:

On the input chain:
-A LINWIZ-INPUT -p tcp -m tcp --syn -j SYN-FLOOD

On the SYN-FLOOD chain:
-A SYN-FLOOD -m limit --limit 1/s --limit-burst 4 -j RETURN
-A SYN-FLOOD -j LOG --log-prefix "SYN-FLOOD: "
-A SYN-FLOOD -j DROP

Are my rules incorrect, or is it truly ldap clients flooding the server?

-----
Ryan Golhar
Computational Biologist
The Informatics Institute at
The University of Medicine & Dentistry of NJ

Phone: 973-972-5034
Fax: 973-972-7412
Email: golharam at umdnj.edu
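Added example, not part of the original post or of any Red Hat code: a small Python script that parses SYN-FLOOD kernel log lines in the format quoted above and tallies them per source address and destination port, plus a token-bucket model of the `-m limit --limit 1/s --limit-burst 4` match. The log lines in the script are constructed samples, and the token-bucket model is an approximation of how the limit match is documented to behave (a burst of initial tokens, refilled at the configured average rate). The point it illustrates: `-m limit` keeps a single counter for the whole rule rather than one per source, so the chain as written lets 4 SYNs through and then only 1 per second across all clients combined; every further LDAPS connection attempt is logged as SYN-FLOOD and dropped even though it is legitimate traffic. A per-client rate limit needs the `hashlimit` match instead.

```python
import re
from collections import Counter

# Constructed sample lines in the same format as the kernel messages in the post
# (the addresses and ports are made up for this example).
SAMPLE_LOG = """\
May 23 04:02:10 myserver kernel: SYN-FLOOD: IN=eth0 OUT= MAC=00:07:e9:ac:2a:22:00:04:c1:55:a7:c2:08:00 SRC=192.168.10.122 DST=192.168.10.2 LEN=60 TOS=0x00 PREC=0x00 TTL=59 ID=31600 DF PROTO=TCP SPT=36082 DPT=636 WINDOW=5840 RES=0x00 SYN URGP=0
May 23 04:02:10 myserver kernel: SYN-FLOOD: IN=eth0 OUT= MAC=00:07:e9:ac:2a:22:00:04:c1:55:a7:c2:08:00 SRC=192.168.10.122 DST=192.168.10.2 LEN=60 TOS=0x00 PREC=0x00 TTL=59 ID=31601 DF PROTO=TCP SPT=36083 DPT=636 WINDOW=5840 RES=0x00 SYN URGP=0
May 23 04:02:11 myserver kernel: SYN-FLOOD: IN=eth0 OUT= MAC=00:07:e9:ac:2a:22:00:04:c1:55:a7:c2:08:00 SRC=192.168.10.123 DST=192.168.10.2 LEN=60 TOS=0x00 PREC=0x00 TTL=59 ID=20412 DF PROTO=TCP SPT=40120 DPT=636 WINDOW=5840 RES=0x00 SYN URGP=0
May 23 04:02:11 myserver kernel: SYN-FLOOD: IN=eth0 OUT= MAC=00:07:e9:ac:2a:22:00:04:c1:55:a7:c2:08:00 SRC=192.168.10.122 DST=192.168.10.2 LEN=60 TOS=0x00 PREC=0x00 TTL=59 ID=31602 DF PROTO=TCP SPT=36084 DPT=636 WINDOW=5840 RES=0x00 SYN URGP=0
May 23 04:02:12 myserver kernel: SYN-FLOOD: IN=eth0 OUT= MAC=00:07:e9:ac:2a:22:00:04:c1:55:a7:c2:08:00 SRC=192.168.10.123 DST=192.168.10.2 LEN=60 TOS=0x00 PREC=0x00 TTL=59 ID=20413 DF PROTO=TCP SPT=40121 DPT=636 WINDOW=5840 RES=0x00 SYN URGP=0
"""

# Pull out the source address and destination port from a LOG-target line.
LOG_RE = re.compile(r"SYN-FLOOD: .*?SRC=(?P<src>\S+) .*?DPT=(?P<dpt>\d+)")


def parse_syn_flood_log(text):
    """Return a list of (src_ip, dst_port) tuples, one per SYN-FLOOD log line."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.search(line)
        if m:
            events.append((m.group("src"), int(m.group("dpt"))))
    return events


def summarize(events):
    """Count logged SYNs per source address and per destination port.

    A handful of known client addresses all hitting port 636 points at the rate
    limit being too tight for normal LDAPS traffic; many unknown sources would
    look more like a real flood.
    """
    by_src = Counter(src for src, _ in events)
    by_dpt = Counter(dpt for _, dpt in events)
    return by_src, by_dpt


def simulate_limit(syn_times, rate_per_s=1.0, burst=4):
    """Token-bucket model of `-m limit --limit 1/s --limit-burst 4` (approximation).

    syn_times: arrival times in seconds of SYN packets from ALL clients together,
    because the limit match keeps one shared counter for the rule.
    Returns one bool per SYN: True = matched the limit rule (RETURN, accepted),
    False = fell through to the LOG and DROP rules.
    """
    tokens = float(burst)  # the bucket starts full
    last = None
    results = []
    for t in syn_times:
        if last is not None:
            # refill at the average rate, never beyond the burst size
            tokens = min(float(burst), tokens + (t - last) * rate_per_s)
        last = t
        if tokens >= 1.0:
            tokens -= 1.0
            results.append(True)
        else:
            results.append(False)
    return results


if __name__ == "__main__":
    by_src, by_dpt = summarize(parse_syn_flood_log(SAMPLE_LOG))
    print("logged SYNs per source:", dict(by_src))
    print("logged SYNs per dst port:", dict(by_dpt))
    # Eight connection attempts within one second: only the first four get through.
    print(simulate_limit([0.0, 0.1, 0.2, 0.3, 0.4, 0.5, 0.6, 0.7]))
```

Run it against the real `/var/log/messages` by replacing `SAMPLE_LOG` with the file contents; if the sources are all your own LDAP clients and the port is always 636, the rules are working exactly as written and the logged packets are legitimate connection attempts that exceeded a shared 1/s budget.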
