FYI! this is vinodh here! i have a doubt regarding "SYNFLOOD"
Im running a webserver with apache,tomcat,the problem is tomcat is down, when i debugged, # messages.log i found this - (Kernel: possible SYN flooding on port 8009. Sending cookies)
# mod.jk logs i found this - (Tomcat is down or refused connection. No response has been sent to the client (yet)
# error.log i found this - server reached MaxClients setting, consider raising the MaxClients setting
i know that the kernal have dropped the connections
a) my doubt is this is a syn attack? b) does the syn attack is the reason for tomcat down? c) when there is a syn flood - i have an alert from my monitoring tool d)could plz clarify me
does syn attack is responsible for tomcat down or does it is the increase in no of maximum clents as per error log is the cause of the tomcat down?
i googled & searched all forums, but i'm yet to find a solution!