I have a web application setup apache+mod_jk+tomcat(connector for mod_jk on 8009 port). Recently my app started to hang few times a day and in /var/logs/messages there are entries like "possible SYN flooding on port 8009. Sending cookies" with 30-60 seconds. I have to restart each time when the app hangs.
Is it DDOS attack ? or system/application errors can cause this problem ?
Any help would be highly appreciated.
Thanks.
This article about tcp_syncookies might help explain the problem.
Someone or something is sending SYN packets to your application. It might be a legit client that does not receive the ACK cookie (is your application working?), or it might be someone malevolent (is it distributed or not).