[Interest] TCP SYN flood attack.

Bill Crocker william.crocker at analog.com
Wed Jun 10 01:23:05 CEST 2015


Dear Qt enthusiasts:

I am having a problem with my large,
distributed Qt-based client/server app.
It periodically appears as if the
server machine is under a SYN flood attack.

>netstat -ts | grep -i syn
     7563748 invalid SYN cookies received
     75 resets received for embryonic SYN_RECV sockets
     151 SYNs to LISTEN sockets ignored

The "invalid SYN cookies received" number increases
with each repeated issue of the netstat command.
During this time it is difficult, if not possible,
to connect to the server.

The source of the SYN flood has been traced back, using
wireshark, to a number of the machines running the client side
of my Qt-based app. (Of course the machine is running
other programs, but let's assume my app is guilty for now.)

I use QTcpSocket to connect to the server.
Is there any way I could be using sockets improperly
such that my app is the source of the SYN flood attack
perceived by the server?

Thanks.

Bill
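
An added example, not part of the original post: the check described above (re-running netstat and watching "invalid SYN cookies received" grow) expressed as a per-second rate between two snapshots, so that a busy period can be compared with a quiet one. The first snapshot uses the values from the post; the second snapshot, the 10-second interval and the threshold are constructed for illustration.

```python
import re

# Snapshot format: output of `netstat -ts | grep -i syn`.
SNAP_T0 = """\
     7563748 invalid SYN cookies received
     75 resets received for embryonic SYN_RECV sockets
     151 SYNs to LISTEN sockets ignored
"""
# Constructed second snapshot, assumed to be taken 10 seconds later.
SNAP_T1 = """\
     7565248 invalid SYN cookies received
     75 resets received for embryonic SYN_RECV sockets
     153 SYNs to LISTEN sockets ignored
"""

COUNTER_LINE = re.compile(r"^\s*(\d+)\s+(.*\S)\s*$")


def parse_counters(text):
    """Return {description: value} for 'N description' lines mentioning SYN."""
    counters = {}
    for line in text.splitlines():
        m = COUNTER_LINE.match(line)
        if m and "syn" in m.group(2).lower():
            counters[m.group(2)] = int(m.group(1))
    return counters


def counter_rates(before, after, seconds):
    """Per-second increase of each counter present in both snapshots.

    A counter that went backwards (reboot or wrap) is reported as None
    instead of a misleading negative rate.
    """
    old, new = parse_counters(before), parse_counters(after)
    rates = {}
    for name in old.keys() & new.keys():
        delta = new[name] - old[name]
        rates[name] = delta / seconds if delta >= 0 else None
    return rates


def moving_counters(rates, threshold=1.0):
    """Names of counters growing at or above threshold events per second."""
    return sorted(n for n, r in rates.items() if r is not None and r >= threshold)


if __name__ == "__main__":
    for name, rate in sorted(counter_rates(SNAP_T0, SNAP_T1, 10).items()):
        print(f"{rate!s:>8} /s  {name}")
```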


