Hello ppl, do I can ask what traffic from pool is normal ? I have some times problems ... I think I got too much query. This problem is from long time and it's happened only for small amount of time. For 30 min to 1 hour and usual when Im not logged in to see what's happened. Here is error that i got from kernel:
net_ratelimit: 686 callbacks suppressed nf_conntrack: table full, dropping packet. nf_conntrack: table full, dropping packet. nf_conntrack: table full, dropping packet. I use some optimization on tcp/ip network like: # increase TCP max buffer size setable using setsockopt() # 16 MB with a few parallel streams is recommended for most 10G paths # 32 MB might be needed for some very long end-to-end 10G or 40G paths net.core.rmem_max = 16777216 net.core.wmem_max = 16777216 # increase default values net.core.rmem_default = 16777216 net.core.wmem_default = 16777216 # increase Linux autotuning TCP buffer limits # min, default, and max number of bytes to use # (only change the 3rd value, and make it 16 MB or more) net.ipv4.tcp_rmem = 4096 87380 16777216 net.ipv4.tcp_wmem = 4096 65536 16777216 # recommended to increase this for 10G NICS net.core.netdev_max_backlog = 10000 net.ipv6.conf.all.forwarding = 1 net.netfilter.nf_conntrack_tcp_timeout_established = 2000 net.ipv4.netfilter.ip_conntrack_tcp_timeout_established = 2000 but I still have a problem. First time when I successful dump the traffic when it's happened I see for 14 seconds my ntp receive 3300 send/receive query. After a private email between me and owner project Ask Bjørn Hansen he decide nothing strange is happened. Today I see that situation again and I log 58100 send/receive query for 20 sec. Both logs can be download from: www.stz-bg.com/traf/ I want to ask is that normal or Im attacked? Because traffic is from UDP you can change query source address and this will become an attack. Regards, Condor _______________________________________________ questions mailing list [email protected] http://lists.ntp.org/listinfo/questions
