Hi, I'm getting this type of message repeatedly from the kernel:
[1697692.076962] possible SYN flooding on port 80. Sending cookies.
Any idea of what this means? It is on an EC2 host if that makes it easier.
Thanks
It means that you're being attacked by someone who thinks that the state of the art of network stacks was reached in the late 90s. "SYN flooding" is a way of denying service by half-opening a huge number of TCP connections, which is supposed to exhaust the resources on the server by needing to hold state for all those half-opened connections. It was quickly realised that the state of these half-open connections could be stored in the ACK packet itself, which is what is meant by "Sending cookies".
Plenty of information can be found by searching the Internet for "Syn flooding" and "Syn cookies".
You have SYN cookies enabled, your server's table of pending TCP connections is full, and your server received another connection attempt (SYN packet).
This can be due to SYN flooding (a type of denial of service attack), but it could also be due to poor configuration (too small a size for the SYN-recv table, too long a timeout / retry count for SYN packets, etc.).
The upshot is that while you are receiving these messages, some of your normal / actual users may be experiencing sub-optimal behavior. This would typically be a higher sensitivity to packet loss, mostly resulting in the failure to connect for a small fraction of connections that would otherwise have succeeded.
There are LOTS of posts on what this is all about, many on this site. If you search for the log message or even just SYN, you will almost certainly learn everything useful there is to know.
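Added example, not part of either answer above: one way to tell the two causes apart (flood versus an undersized SYN-recv table) is to compare how many SYN cookies the kernel sent with how many came back as valid handshakes, using the `TcpExt` counters in `/proc/net/netstat`. The snapshots below are constructed sample data, and the `min_returned` threshold is an assumed heuristic, not a kernel value.

```python
"""Tell a SYN flood from an undersized backlog using TcpExt SYN-cookie counters."""

# Constructed snapshots in /proc/net/netstat layout (header line, then values).
HEADER = ("TcpExt: SyncookiesSent SyncookiesRecv SyncookiesFailed "
          "ListenOverflows ListenDrops")
BEFORE = HEADER + "\nTcpExt: 1000 10 5 0 0\nIpExt: InOctets OutOctets\nIpExt: 1 1\n"
AFTER_FLOOD = HEADER + "\nTcpExt: 51000 60 9 0 0\n"   # cookies sent, few returned
AFTER_BUSY = HEADER + "\nTcpExt: 1400 390 5 12 12\n"  # most cookies returned


def parse_tcpext(text):
    """Return the TcpExt counters as {name: int} from netstat-style text."""
    rows = [line.split()[1:] for line in text.splitlines()
            if line.startswith("TcpExt:")]
    if len(rows) != 2 or len(rows[0]) != len(rows[1]):
        raise ValueError("expected one TcpExt header line and one value line")
    return dict(zip(rows[0], (int(v) for v in rows[1])))


def assess(before_text, after_text, min_returned=0.5):
    """Compare two snapshots; min_returned is an assumed heuristic threshold."""
    before, after = parse_tcpext(before_text), parse_tcpext(after_text)
    sent = after["SyncookiesSent"] - before["SyncookiesSent"]
    returned = after["SyncookiesRecv"] - before["SyncookiesRecv"]
    if sent <= 0:
        return {"sent": sent, "returned": returned, "ratio": None,
                "verdict": "no cookies sent"}
    ratio = returned / sent
    # A cookie is "returned" when a client completes the handshake with a
    # valid ACK. Real clients do that; spoofed or abandoned SYNs never do.
    verdict = ("backlog too small for real load" if ratio >= min_returned
               else "consistent with SYN flood")
    return {"sent": sent, "returned": returned, "ratio": ratio,
            "verdict": verdict}


if __name__ == "__main__":
    for label, snap in (("flood", AFTER_FLOOD), ("busy", AFTER_BUSY)):
        print(label, assess(BEFORE, snap))
```

On a live host, pass two reads of `/proc/net/netstat` taken some seconds apart instead of the sample strings; the sysctls to review alongside the result are `net.ipv4.tcp_max_syn_backlog` and `net.ipv4.tcp_synack_retries`.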