[Interest] TCP SYN flood attack.

Bill Crocker william.crocker at analog.com
Wed Jun 10 01:23:05 CEST 2015

Dear Qt enthusiasts:

I am having a problem with my large,
distributed QT based client/server app.
It periodically appears as if the
server machine is under a SYN flood attack.

>netstat -ts | grep -i syn
     7563748 invalid SYN cookies received
     75 resets received for embryonic SYN_RECV sockets
     151 SYNs to LISTEN sockets ignored

The "invalid SYN cookies received" number increases
with each repeated issue of the netstat command.
During this time it is difficult, if not possible,
to connect to the server.

The source of the SYN flood has been traced back, using
wireshark, to a number of the machines running the client side
of my Qt based app. (of course the machine is running
other programs, but let's assume my app is guilty for now.)

I use QTcpSocket to connect to the server.
Is there any way I could be using sockets improperly
such that my app is the source of the SYN flood attack
perceived by the server.



More information about the Interest mailing list