Thanks a lot Laban,
Let me have a look at this and revert with findings


On Thu, Jun 6, 2013 at 10:42 PM, Laban Mwangi <lmwangi@gmail.com> wrote:
http://blog.dubbelboer.com/2012/04/09/syn-cookies.html

On Thu, Jun 6, 2013 at 7:26 PM, Laban Mwangi <lmwangi@gmail.com> wrote:
> http://serverfault.com/questions/294209/possible-syn-flooding-in-log-despite-low-number-of-syn-recv-connections
>
>
> On Thu, Jun 6, 2013 at 7:24 PM, Laban Mwangi <lmwangi@gmail.com> wrote:
>>
>> Set up a rotary pcap on the interface then put an alarm around your
>> syslog. Stop the packet capture when your alarm fires  and analyse the pcap
>> files.
>> Something along the lines of:
>> Shell 1:
>> tcpdump -C 100 -i ethX -s0 -w sample.pcap -W 5
>>
>> Shell 2:
>> while true;
>> do
>>  tail -n 100 /var/log/syslog | grep max_syn_backlog && pkill tcpdump;
>> done
>>
>> On Thu, Jun 6, 2013 at 5:31 PM, Simon Mburu <sgatonye@gmail.com> wrote:
>>>
>>> Hello Skunks,
>>>
>>> I am having an issue with SYN flooding on a Sigtran USSD gateway. I keep
>>> getting the following message "Jun  6 18:20:09 ussd kernel: possible SYN
>>> flooding on port 5420. Sending cookies." thus making connection/listening to
>>> port 5420 impossible.
>>>
>>> I have tried increasing the the tcp_max_syn_backlog to 4096, 5012 and
>>> 65536 but to no avail.
>>> My sysctl -p looks like the below
>>>
>>> net.ipv4.icmp_echo_ignore_broadcasts = 1
>>> net.ipv4.conf.all.rp_filter = 1
>>> fs.inotify.max_user_watches = 65536
>>>
>>> My netstat -tuna | grep SYN never shows entries more than 12.
>>>
>>> I have also noted that once i stop the gateway, the SYN flooding is no
>>> longer there thus removing the fear of outside attacks.
>>>
>>> What could my problem/solution.
>>> NB: I am trying to avoid solutions that will mean I have to recompile my
>>> kernel.
>>>
>>> Kind Regards,
>>> Frustrated Simon
>>>
>>>
>>> _______________________________________________
>>> skunkworks mailing list
>>> skunkworks@lists.my.co.ke
>>> ------------
>>> List info, subscribe/unsubscribe
>>> http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks
>>> ------------
>>>
>>> Skunkworks Rules
>>> http://my.co.ke/phpbb/viewtopic.php?f=24&t=94
>>> ------------
>>> Other services @ http://my.co.ke
>>
>>
>
_______________________________________________
skunkworks mailing list
skunkworks@lists.my.co.ke
------------
List info, subscribe/unsubscribe
http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks
------------

Skunkworks Rules
http://my.co.ke/phpbb/viewtopic.php?f=24&t=94
------------
Other services @ http://my.co.ke