Occasionally a busy web server may exhibit symptoms which could be
interpreted as a SYN flood. Usually this is not the case. Under a true
SYN flood a system would show large numbers of connections in the
SYN_RCVD state as shown with netstat -na.

On Solaris, the /dev/tcp driver has a default limit of 1024 active
connections. This can be queried using the ndd command as shown below:

    ndd -get /dev/tcp tcp_conn_req_max_q
    ndd -get /dev/tcp tcp_conn_req_max_q0

It is also possible to set the maximum active connection size using the
-set option to ndd.
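
The check described above, as an added example that is not part of the original page: it tallies SYN_RCVD against ESTABLISHED connections per local port from netstat -na output and flags ports whose half-open count approaches the limit read with ndd. The sample output is constructed, its column layout is assumed to match Solaris netstat, and the function names and the 80% default threshold are illustrative assumptions.

```shell
# Constructed sample of Solaris-style `netstat -na` TCP output (not real data).
sample_netstat() {
cat <<'EOF'
TCP: IPv4
   Local Address        Remote Address    Swind Send-Q Rwind Recv-Q    State
-------------------- -------------------- ----- ------ ----- ------ -----------
      *.80                 *.*                0      0 49152      0 LISTEN
192.0.2.10.80        198.51.100.7.40112   64240      0 49640      0 ESTABLISHED
192.0.2.10.80        198.51.100.8.51515   64240      0 49640      0 ESTABLISHED
192.0.2.10.80        203.0.113.21.1025        0      0 49640      0 SYN_RCVD
192.0.2.10.80        203.0.113.22.1026        0      0 49640      0 SYN_RCVD
192.0.2.10.80        203.0.113.23.1027        0      0 49640      0 SYN_RCVD
192.0.2.10.22        198.51.100.9.60022   64240      0 49640      0 ESTABLISHED
192.0.2.10.80        198.51.100.7.40113   64240      0 49640      0 TIME_WAIT
EOF
}

# Read netstat output on stdin; print "port syn_rcvd established" per local
# port, sorted by port. Header, LISTEN and other states are ignored.
half_open_by_port() {
    awk '
        $NF == "SYN_RCVD" || $NF == "ESTABLISHED" {
            n = split($1, a, ".")   # local address is addr.port; port is last
            port = a[n]
            seen[port] = 1
            if ($NF == "SYN_RCVD") syn[port]++; else est[port]++
        }
        END { for (p in seen) printf "%s %d %d\n", p, syn[p], est[p] }
    ' | sort -n
}

# Read netstat output on stdin; print ports whose SYN_RCVD count is at least
# pct% of the limit.
#   $1 = limit, e.g. the value from: ndd -get /dev/tcp tcp_conn_req_max_q0
#   $2 = percentage threshold (assumed alerting policy, default 80)
flag_syn_pressure() {
    half_open_by_port | awk -v limit="$1" -v pct="${2:-80}" \
        '$2 * 100 >= limit * pct { print $1 }'
}

# On a live system: netstat -na | flag_syn_pressure "$(ndd -get /dev/tcp tcp_conn_req_max_q0)"
sample_netstat | half_open_by_port
```

A busy but healthy server shows ESTABLISHED far outnumbering SYN_RCVD on the service port; the reverse ratio, sustained, is the pattern the text attributes to a true SYN flood.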