On 06/06/2010 03:12 AM, Henrik Nordström wrote:
lör 2010-06-05 klockan 07:31 +0700 skrev Khemara Lyn:
What would be the good values for these parameters?
Any extra parameters i should add?
Add a zero to tcp_max_syn_backlog perhaps?
If that does not help then you need to investigate
lör 2010-06-05 klockan 07:31 +0700 skrev Khemara Lyn:
What would be the good values for these parameters?
Any extra parameters i should add?
Add a zero to tcp_max_syn_backlog perhaps?
If that does not help then you need to investigate the issue further.
Regards
Henrik
fre 2010-06-04 klockan 11:51 +0700 skrev Khemara Lyn:
Jun 4 11:11:39 cache kernel: possible SYN flooding on port 3128.
Sending cookies.
You get this message when the SYN backlog queue is filled in the TCP
kernel. This is mainly connections in SYN_RECV state. It is safe to
tune up the limit
Thank you for your response, Henrik.
I have this in /etc/sysctl.conf:
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.tcp_max_syn_backlog = 2048
net.ipv4.tcp_syncookies = 1
net.ipv4.conf.default.accept_redirects = 0
Dear All,
I could see a lot of instances of the following message in the system
log of Fedora 12 running Squid-2.7STABLE9:
Jun 4 11:11:39 cache kernel: possible SYN flooding on port 3128.
Sending cookies.
Is the system really under SYN flood attack?
I tried running this command:
netstat
ons 2009-11-25 klockan 05:51 -0800 skrev Landy Landy:
I also checked netstat -nat and noticed a lot about 1200 of ESTABLISHED
connections from one ip address.
I called this person and told me no one was using that machine.
echo 1 /proc/sys/net/ipv4/tcp_syncookies
Is this a virus?
Hello.
I noticed my internet connection was crawling, not even google.com would open.
I checked syslog and noticed:
kernel: possible SYN flooding on port 3128. Sending cookies.
I also checked netstat -nat and noticed a lot about 1200 of ESTABLISHED
connections from one ip address.
I called
