Segment failed SYNCOOKIE authentication
Sergey Matveychuk
sem at FreeBSD.org
Fri May 7 17:27:27 UTC 2010
Hi.
I have many messages on my box like this: tcpflags 0x10<ACK>;
syncache_expand: Segment failed SYNCOOKIE authentication, segment
rejected (probably spoofed)
Some connections are dropped, but they are legal connections. It looks like
something is wrong with syncache.
An example:
20:31:08.464499 IP XXX.YYY.240.5.50393 > XXX.YYY.234.8.8542: Flags [S],
seq 4197725771, win 65535, options [mss 1353,nop,wscale 3,sackOK,TS val
3072911437 ecr 0], length 0
20:31:08.464548 IP XXX.YYY.234.8.8542 > XXX.YYY.240.5.50393: Flags [S.],
seq 1425159360, ack 4197725772, win 65535, options [mss 1353,nop,wscale
3,sackOK,TS val 2395628971 ecr 3072911437], length 0
Looks good, but:
May 7 20:31:09 cobalt kernel: TCP: [XXX.YYY.240.5]:50393 to
[XXX.YYY.234.8]:8542 tcpflags 0x10<ACK>; syncache_expand: Segment failed
SYNCOOKIE authentication, segment rejected (probably spoofed)
For 1.5 hours:
% grep SYNCOOKIE /var/log/messages | wc -l
1727
Any ideas please?
--
Sem.