Help: kernel: TCP: Possible SYN flooding on port 60543. Sending cookies.

  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

amorak

Regular Contributor
Getting the below error constantly. Would love some advice on how to diagnose it as a concern or not...

1611532173718.png
 

ColinTaylor

Part of the Furniture
The quickest way to identify the source of the problem is probably to systematically turn off each of your clients until the messages top. I'd start with IoT and "smart" devices.
 

amorak

Regular Contributor
Thanks for the reply! Is there a log I can look at to figure out which MAC is causing these syn floodings? I have 60 devices connected, so it's a PITA to disconnect and determine what's causing it....
 

ColinTaylor

Part of the Furniture
The only information is what's shown. :(

You could SSH into the router and issue the following command to try and determine what service is being hammered.

Code:
netstat -ntap | grep 60543
Change 60543 to the port number currently shown in the syslog.

My guess is that it's probably the router's Media Server. If it is and you don't actually use that you can turn it off.
 

amorak

Regular Contributor
Thanks Colin, that worked great! It's all my 4-5 Belkin Wemo's... Which has been having connection troubles as of late! Any thoughts there on what to do?
 

ColinTaylor

Part of the Furniture
Sorry what "worked great"? I don't know anything about Wemo's. What was the output of the netstat command?
 

amorak

Regular Contributor
Sorry what "worked great"? I don't know anything about Wemo's. What was the output of the netstat command?

Sorry - I meant that it worked great in helping me determine the IPs that were causing the flooding. It was 4 or 5 iPs, all belonging to my WEMO smart plugs. I then googled it and came across this thread below here on SMB, that others came in and fixed it by disabling uPnP. I've done the same and the flooding in the syslog is gone.

 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top