[linux-cifs-client] SYN_RECV flood

Shannon Johnson sjohnson at engr.psu.edu
Thu Jun 24 12:40:39 GMT 2004


I'm using the cifs module 1.17c on kernel 2.4.21 in Red Hat Enterprise
3. Occasionally when a user mounts their home directory and begins
running code that's somewhat network-intensive, the cifs module will
start flooding the server (Samba 3.0.5) with SYN_RECV packets. It
doesn't stop if I manually kill the process, but does stop immediately
if I unmount the share. After I unmount the share and the user remounts
it, everything works perfectly again for a random amount of time until
it happens again. Has anybody experienced this, and is there a fix for
it? Right now I have to continually monitor my server's logs for the
message:

Jun 24 08:29:08 server03 kernel: possible SYN flooding on port 139.
Sending cookies.

Then use netstat to find out which machine it is, and manually stop it.
This has been going on for the last 6 days or so. If anybody has any
suggestions of what I might try, please let me know.

Shannon

____________________________
 
Shannon Johnson
Network Support Specialist / Systems Administrator
Dept. of Mechanical and Nuclear Engineering
224 Reber Building
University Park, PA 16802
Phone: (814) 865-8267
____________________________
 

-------------- next part --------------
HTML attachment scrubbed and removed


More information about the linux-cifs-client mailing list