Highlighted
New Member.
2010 views

possible SYN flooding on port 443. Sending cookies.

I have an older mobility server. 221 users. Version 1.2.4 build 966. Its on SLES 11 sp1. Also a bit dated. Early in the morning Saturday the server seems to stop processing, or was processing very slowly. The only thing I saw that was amiss was this log entry. Thousands of them. Lasted until we rebooted the server. Now it seems fine.


Jul 12 09:32:47 nms kernel: [19068718.353192] possible SYN flooding on port 443. Sending cookies.
Jul 12 09:33:48 nms kernel: [19068779.209305] possible SYN flooding on port 443. Sending cookies.
Jul 12 09:35:08 nms kernel: [19068859.312467] possible SYN flooding on port 443. Sending cookies.
Jul 12 09:36:28 nms kernel: [19068939.968501] possible SYN flooding on port 443. Sending cookies.
Jul 12 09:37:44 nms kernel: [19069015.633213] possible SYN flooding on port 443. Sending cookies.
Jul 12 09:38:53 nms kernel: [19069084.946282] possible SYN flooding on port 443. Sending cookies.
Jul 12 09:39:54 nms kernel: [19069145.463574] possible SYN flooding on port 443. Sending cookies.
Jul 12 09:41:22 nms kernel: [19069233.341346] possible SYN flooding on port 443. Sending cookies.
Jul 12 09:42:35 nms kernel: [19069306.923009] possible SYN flooding on port 443. Sending cookies.
Jul 12 09:43:51 nms kernel: [19069383.011862] possible SYN flooding on port 443. Sending cookies.
Jul 12 09:44:53 nms kernel: [19069444.443582] possible SYN flooding on port 443. Sending cookies.
Jul 12 09:46:00 nms kernel: [19069511.754417] possible SYN flooding on port 443. Sending cookies.
Jul 12 09:47:23 nms kernel: [19069594.405434] possible SYN flooding on port 443. Sending cookies.
Jul 12 09:48:45 nms kernel: [19069676.473916] possible SYN flooding on port 443. Sending cookies.
Jul 12 09:50:01 nms kernel: [19069752.779430] possible SYN flooding on port 443. Sending cookies.
Jul 12 09:51:11 nms kernel: [19069822.638160] possible SYN flooding on port 443. Sending cookies.
Jul 12 09:52:55 nms kernel: [19069926.410153] possible SYN flooding on port 443. Sending cookies.
Jul 12 09:53:55 nms kernel: [19069986.419826] possible SYN flooding on port 443. Sending cookies.
Jul 12 09:54:56 nms kernel: [19070047.483478] possible SYN flooding on port 443. Sending cookies.
Jul 12 09:56:09 nms kernel: [19070120.700399] possible SYN flooding on port 443. Sending cookies.
Jul 12 09:57:16 nms kernel: [19070188.037402] possible SYN flooding on port 443. Sending cookies.
Jul 12 09:58:18 nms kernel: [19070249.581761] possible SYN flooding on port 443. Sending cookies.
Jul 12 09:59:24 nms kernel: [19070315.406488] possible SYN flooding on port 443. Sending cookies.
Jul 12 10:00:42 nms kernel: [19070393.070135] possible SYN flooding on port 443. Sending cookies.
Jul 12 10:01:51 nms kernel: [19070462.427939] possible SYN flooding on port 443. Sending cookies.
Jul 12 10:02:53 nms kernel: [19070524.829226] possible SYN flooding on port 443. Sending cookies.
Jul 12 10:04:01 nms kernel: [19070592.184385] possible SYN flooding on port 443. Sending cookies.


This is the last messages before reboot. No more entries since reboot. Probably could do some patching and update to latest Mobility server I am sure. Its been rock solid up until this little burp. Any ideas?
Labels (1)
Tags (3)
0 Likes
2 Replies
Highlighted
Absent Member.
Absent Member.

Re: possible SYN flooding on port 443. Sending cookies.

we've seen something similar on our OES11 SP2 boxes, but on port 524, this is when we migrate a large volume (in terms of users) to it. But since DS doesn't carry a replica or even edir, I 'm wondering if this is some verbose logging from the netware stack that got turned on at some point .....
0 Likes
Highlighted
Knowledge Partner
Knowledge Partner

Re: possible SYN flooding on port 443. Sending cookies.

On 13/07/2015 14:26, tbundy427 wrote:

> I have an older mobility server. 221 users. Version 1.2.4 build 966. Its
> on SLES 11 sp1. Also a bit dated. Early in the morning Saturday the
> server seems to stop processing, or was processing very slowly. The only
> thing I saw that was amiss was this log entry. Thousands of them. Lasted
> until we rebooted the server. Now it seems fine.
>
>
> Jul 12 09:32:47 nms kernel: [19068718.353192] possible SYN flooding on
> port 443. Sending cookies.
> Jul 12 09:33:48 nms kernel: [19068779.209305] possible SYN flooding on
> port 443. Sending cookies.
> Jul 12 09:35:08 nms kernel: [19068859.312467] possible SYN flooding on
> port 443. Sending cookies.
> Jul 12 09:36:28 nms kernel: [19068939.968501] possible SYN flooding on
> port 443. Sending cookies.
> Jul 12 09:37:44 nms kernel: [19069015.633213] possible SYN flooding on
> port 443. Sending cookies.
> Jul 12 09:38:53 nms kernel: [19069084.946282] possible SYN flooding on
> port 443. Sending cookies.
> Jul 12 09:39:54 nms kernel: [19069145.463574] possible SYN flooding on
> port 443. Sending cookies.
> Jul 12 09:41:22 nms kernel: [19069233.341346] possible SYN flooding on
> port 443. Sending cookies.
> Jul 12 09:42:35 nms kernel: [19069306.923009] possible SYN flooding on
> port 443. Sending cookies.
> Jul 12 09:43:51 nms kernel: [19069383.011862] possible SYN flooding on
> port 443. Sending cookies.
> Jul 12 09:44:53 nms kernel: [19069444.443582] possible SYN flooding on
> port 443. Sending cookies.
> Jul 12 09:46:00 nms kernel: [19069511.754417] possible SYN flooding on
> port 443. Sending cookies.
> Jul 12 09:47:23 nms kernel: [19069594.405434] possible SYN flooding on
> port 443. Sending cookies.
> Jul 12 09:48:45 nms kernel: [19069676.473916] possible SYN flooding on
> port 443. Sending cookies.
> Jul 12 09:50:01 nms kernel: [19069752.779430] possible SYN flooding on
> port 443. Sending cookies.
> Jul 12 09:51:11 nms kernel: [19069822.638160] possible SYN flooding on
> port 443. Sending cookies.
> Jul 12 09:52:55 nms kernel: [19069926.410153] possible SYN flooding on
> port 443. Sending cookies.
> Jul 12 09:53:55 nms kernel: [19069986.419826] possible SYN flooding on
> port 443. Sending cookies.
> Jul 12 09:54:56 nms kernel: [19070047.483478] possible SYN flooding on
> port 443. Sending cookies.
> Jul 12 09:56:09 nms kernel: [19070120.700399] possible SYN flooding on
> port 443. Sending cookies.
> Jul 12 09:57:16 nms kernel: [19070188.037402] possible SYN flooding on
> port 443. Sending cookies.
> Jul 12 09:58:18 nms kernel: [19070249.581761] possible SYN flooding on
> port 443. Sending cookies.
> Jul 12 09:59:24 nms kernel: [19070315.406488] possible SYN flooding on
> port 443. Sending cookies.
> Jul 12 10:00:42 nms kernel: [19070393.070135] possible SYN flooding on
> port 443. Sending cookies.
> Jul 12 10:01:51 nms kernel: [19070462.427939] possible SYN flooding on
> port 443. Sending cookies.
> Jul 12 10:02:53 nms kernel: [19070524.829226] possible SYN flooding on
> port 443. Sending cookies.
> Jul 12 10:04:01 nms kernel: [19070592.184385] possible SYN flooding on
> port 443. Sending cookies.
>
>
> This is the last messages before reboot. No more entries since reboot.
> Probably could do some patching and update to latest Mobility server I
> am sure. Its been rock solid up until this little burp. Any ideas?


Whilst you might be able to tune the server config to stop the messages
the real solution is to upgrade SLES11 SP1 to SLES11 SP3 (via SLES11
SP2) and install GroupWise Mobility Service 2.1 in place of Data
Synchronizer Mobility Pack.

HTH.
--
Simon
Novell/NetIQ Knowledge Partner

------------------------------------------------------------------------
If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below. Thanks.
------------------------------------------------------------------------
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.