I'm using ASL with a 1mb SDSL connection at one of our sites. Yesterday I began receiving calls indicating the connection speed has slowed drastically.
The network report is showing 1mb of traffic continually on the external interface and I'm seeing a LOT of the following lines in my kernel log:
2004:12:08-00:10:42 (none) kernel: ip_conntrack_tcp: INVALID: invalid SYN (ignored) SRC=64.4.23.93 DST=(my firewall IP) LEN=64 TOS=0x00 PREC=0x00 TTL=119 ID=1513 PROTO=TCP SPT=80 DPT=53993 SEQ=1533751147 ACK=933350432 WINDOW=16384 RES=0x00 ACK SYN URGP=0 OPT (020405B4010303000101080A000000000000000001010402)
2004:12:08-00:14:41 (none) kernel: ip_conntrack_tcp: IGNORED: Out of window data; SEQ is over the upper bound (over the window of the receiver)
2004:12:08-00:14:41 (none) kernel: SRC=64.4.23.93 DST=(my fw ip) LEN=1500 TOS=0x00 PREC=0x00 TTL=119 ID=64415 DF PROTO=TCP SPT=80 DPT=48997 SEQ=2079544546 ACK=767679150 WINDOW=65198 RES=0x00 ACK URGP=0 OPT (0101080A0AAB7A4A0808DE52)
Does this indicate a SYN flood and an in-progress DoS attack? Any suggestions on what I could do about this problem?
Thanks!
Bob
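One way to triage a log full of such entries, as an added example that is not part of the original post: the Python sketch below parses `ip_conntrack_tcp` lines in the format quoted above and tallies packets by source address, source port and TCP flag combination. The function names and the three-way `syn` / `syn-ack` / `other` labelling are assumptions of this example; the sample input is the post's own log lines with the OPT field omitted.

```python
import re
from collections import Counter

# The kernel log lines quoted in the post (OPT field omitted, firewall address redacted as there).
SAMPLE = """\
2004:12:08-00:10:42 (none) kernel: ip_conntrack_tcp: INVALID: invalid SYN (ignored) SRC=64.4.23.93 DST=(my firewall IP) LEN=64 TOS=0x00 PREC=0x00 TTL=119 ID=1513 PROTO=TCP SPT=80 DPT=53993 SEQ=1533751147 ACK=933350432 WINDOW=16384 RES=0x00 ACK SYN URGP=0
2004:12:08-00:14:41 (none) kernel: ip_conntrack_tcp: IGNORED: Out of window data; SEQ is over the upper bound (over the window of the receiver)
2004:12:08-00:14:41 (none) kernel: SRC=64.4.23.93 DST=(my fw ip) LEN=1500 TOS=0x00 PREC=0x00 TTL=119 ID=64415 DF PROTO=TCP SPT=80 DPT=48997 SEQ=2079544546 ACK=767679150 WINDOW=65198 RES=0x00 ACK URGP=0
""".splitlines()

FLAG_NAMES = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}
FIELD = re.compile(r"\b(SRC|SPT|DPT)=(\S+)")
REASON = re.compile(r"ip_conntrack_tcp: (\w+): ([^()]+?)\s*(?:\(|SRC=|$)")

def parse(lines):
    """Yield one dict per logged packet. A conntrack reason printed on its
    own line is attached to the packet line that follows it."""
    pending = None
    for line in lines:
        m = REASON.search(line)
        if m:
            pending = (m.group(1), m.group(2).strip())
        fields = dict(FIELD.findall(line))
        if "SRC" not in fields:
            continue  # reason-only line; the packet details come next
        # TCP flags are the bare words between RES=0x.. and URGP=
        tail = line.split("RES=", 1)[-1].split("URGP=", 1)[0].split()[1:]
        verdict, reason = pending or (None, None)
        pending = None
        yield {"src": fields["SRC"], "spt": fields.get("SPT"),
               "dpt": fields.get("DPT"), "verdict": verdict, "reason": reason,
               "flags": frozenset(t for t in tail if t in FLAG_NAMES)}

def kind(flags):
    """Label a flag set: bare SYN is a connection request, SYN+ACK is a
    server's reply to one, anything else is grouped as 'other'."""
    if "SYN" in flags:
        return "syn-ack" if "ACK" in flags else "syn"
    return "other"

def summarize(lines):
    """Count packets per (source address, source port, kind)."""
    return Counter((p["src"], p["spt"], kind(p["flags"])) for p in parse(lines))

if __name__ == "__main__":
    for (src, spt, k), n in summarize(SAMPLE).most_common():
        print(f"{n:6d}  {src}:{spt}  {k}")
```

A SYN flood consists of bare `syn` packets aimed at a listening port, so the tally shows at a glance whether the logged traffic has that shape and which sources dominate it.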