Wednesday, 21 August 2013

possible SYN flooding on port xxxx. Sending cookies.

This could be a form of DOS attack on the box and It is likely to be TCP backlog queue maximum size has been reached.

1). To Ascertain the current maximum size:

# cat /proc/sys/net/ipv4/tcp_max_syn_backlog
1024

Adjust the size, 4096 is recommended unless the box has a minute amount of memory in modern standards (<1Gb).

# echo "4096" >/proc/sys/net/ipv4/tcp_max_syn_backlog

2). To Enable fast recycling TIME-WAIT sockets. add the following to /etc/sysctl.conf, then run 'sysctl -p'

net.ipv4.tcp_tw_recycle = 1

Check dmesg to see if the problem persist.

!

No comments:

Post a Comment