dmesg "possible SYN flooding on port 143. Sending cookies."

[Red Squirrel]

I noticed this in my dmesg for my main home server. It's quite alarming considering that port is not even open to the outside. Anyone know what could cause this, and is there a chance it's some kind of false positive? I'm scared I might have somehow gotten compromised but I really can't see how considering I have no ports open to the outside other than torrents (going to another VM) and game server specific ports going to other VMs.

 

[damacus]

Your Linux box has syncookies enabled. They help protect against an attack that would use up your total possible connections by leaving a bunch of half-open connections there to time out.

It's possible you have something else in your network attempting to access the box that's glitching out, like some mobile device you set up email on? I don't know. Either way, the message itself is harmless. Just telling you that the Linux box is protecting itself. Run a sniffer if you see it happening in realtime. Or just leave it running just for that port.