Hello Skunks,

I am having an issue with SYN flooding on a Sigtran USSD gateway. I keep getting the following message "Jun  6 18:20:09 ussd kernel: possible SYN flooding on port 5420. Sending cookies." thus making connection/listening to port 5420 impossible.

I have tried increasing the tcp_max_syn_backlog to 4096, 5012 and 65536 but to no avail.
My sysctl -p looks like the below:

net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.conf.all.rp_filter = 1
fs.inotify.max_user_watches = 65536

My netstat -tuna | grep SYN never shows more than 12 entries.

I have also noted that once I stop the gateway, the SYN flooding is no longer there, thus removing the fear of outside attacks.

What could be my problem/solution?
NB: I am trying to avoid solutions that will mean I have to recompile my kernel.

Kind Regards,
Frustrated Simon