Logging inconsistencies during apparent DoS

Istvan Szukacs leccine at gmail.com
Sat Jul 26 16:32:44 MSD 2008


In every modern operating system, including Linux, *BSD and a couple of 
other Unix-like systems, there are SYN cookies to avoid the situation where 
somebody floods your server with only SYN packets, starting thousands of 
webserver processes.


On Linux:

echo 1 > /proc/sys/net/ipv4/tcp_syncookies

On FreeBSD:

sysctl -w net.inet.tcp.syncookies=1

I don't know MacOS that much, but I guess you have it; try to search for 
something like this with sysctl -a | grep syn, and probably there is the 
same sysctl.

John Barratt wrote:
> Hi,
>     We have been having problems with an apparent SYN-flood DoS 
> attack. However there are inconsistencies with the resulting log 
> entries in nginx that along with the environment it is in, make me 
> wonder if it really is a DoS attack, and/or there is something else 
> going wrong.
> We are running nginx 0.6.31 on OSX 10.5 Server.  Details of the 
> problem go something like this :
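
An added example, not part of the original posts: one way to check whether a server is really accumulating half-open connections, as the SYN-flood question above asks, is to tally SYN_RECV (Linux) or SYN_RCVD (BSD, Mac OS X) sockets per remote address from netstat -an output. The function names and the sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Tally half-open TCP connections per remote address from `netstat -an` text.
# Linux labels the state SYN_RECV; BSD and Mac OS X label it SYN_RCVD and
# separate the port with a final dot instead of a colon.

# half_open_by_source: reads netstat -an output on stdin and prints
# "<count> <remote-address>" lines, busiest source first.
half_open_by_source() {
    awk '
        $1 ~ /^tcp/ && ($NF == "SYN_RECV" || $NF == "SYN_RCVD") {
            addr = $(NF-1)                 # foreign address column
            sub(/[.:][0-9]+$/, "", addr)   # strip trailing :port or .port
            count[addr]++
        }
        END { for (a in count) print count[a], a }
    ' | sort -k1,1nr -k2,2
}

# half_open_total: total number of half-open connections seen on stdin.
half_open_total() {
    half_open_by_source | awk '{ n += $1 } END { print n + 0 }'
}

# Constructed sample (documentation address ranges), mixing the Linux and
# BSD/Mac OS X line formats so both parsing paths are exercised.
sample_netstat() {
    cat <<'EOF'
tcp        0      0 192.0.2.10:80       198.51.100.7:40112   SYN_RECV
tcp        0      0 192.0.2.10:80       198.51.100.7:40113   SYN_RECV
tcp        0      0 192.0.2.10:80       203.0.113.5:51000    ESTABLISHED
tcp4       0      0  192.0.2.10.80      198.51.100.7.40114   SYN_RCVD
tcp4       0      0  192.0.2.10.80      203.0.113.9.52044    SYN_RCVD
tcp4       0      0  *.80               *.*                  LISTEN
EOF
}

# On a live host: netstat -an | half_open_by_source | head
sample_netstat | half_open_by_source
```

Comparing the per-source tally over time with the nginx access log shows whether connections that never complete the handshake account for the load, or whether completed requests do.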
