Date: Fri, 07 May 2010 20:45:37 +0400 From: Sergey Matveychuk <sem@FreeBSD.org> To: freebsd-net@freebsd.org Subject: Segment failed SYNCOOKIE authentication Message-ID: <4BE443B1.2070704@FreeBSD.org>
next in thread | raw e-mail | index | archive | help
Hi. I have many messages on my box like this: tcpflags 0x10<ACK>; syncache_expand: Segment failed SYNCOOKIE authentication, segment rejected (probably spoofed) Some connections dropped. But it's legal connections. Looks like something wrong with syncache. An examples: 20:31:08.464499 IP XXX.YYY.240.5.50393 > XXX.YYY.234.8.8542: Flags [S], seq 4197725771, win 65535, options [mss 1353,nop,wscale 3,sackOK,TS val 3072911437 ecr 0], length 0 20:31:08.464548 IP XXX.YYY.234.8.8542 > XXX.YYY.240.5.50393: Flags [S.], seq 1425159360, ack 4197725772, win 65535, options [mss 1353,nop,wscale 3,sackOK,TS val 2395628971 ecr 3072911437], length 0 Looks good, but: May 7 20:31:09 cobalt kernel: TCP: [XXX.YYY.240.5]:50393 to [XXX.YYY.234.8]:8542 tcpflags 0x10<ACK>; syncache_expand: Segment failed SYNCOOKIE authentication, segment rejected (probably spoofed) For 1.5 hours: % grep SYNCOOKIE /var/log/messages | wc -l 1727 Any ideas please? -- Sem.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4BE443B1.2070704>