I am making an http server in c. It is in a pre-alpha stage but seemed to be stable enough to deploy on my server and run 4 minimal websites. It has been running seamlessly for two days until this morning. The daemon was not running and did not exit cleanly. I looked in the logs and found about 10 lines in a row saying:
[815259.230706] possible SYN flooding on port 80. Sending cookies.
Then no more messages logged from the http server, so i am assuming this is where it died. I am not sure what signal it received that killed it so I am assuming it was SIGKILL, SIGSEGV, or SIGABRT because they are not caught, and SIGKILL can't be caught anyway. I looked up SYN flooding and it's a type of DoS attack. I am not sure if the server was actually attacked or not but the most requests I receive in total for my 4 websites runs about at most 1 per second...not anywhere near enough to be falsely accused of being a DoS attack.
My questions are:
How likely is it that this was a DoS attack?
Would the kernel(linux) have killed the http server because of this or did it die on its own?
If the kernel killed it how do i prevent this from happening, i can't have it dieing unexpectedly?
If the kernel did not kill it, was the death likely caused by the SYN flooding and how can i debug it, or is it more likely it is an unrelated programming bug?
What security measures should i take to prevent possible SYN flooding?
EDIT: The http server has now crashed 3 times with the same scenario occurring.
