Deactivate SYN flooding mechanism
Posted
by
mlaug
on Server Fault
See other posts from Server Fault
or by mlaug
Published on 2013-02-25T15:42:30Z
Indexed on
2013/10/19
9:57 UTC
Read the original article
Hit count: 228
tcp
I am running a server that is running a service on port 59380. There are more than 1000 machines out there connecting to that service. Once I need to restart the service all those machines are connecting at the same time.
That made some trouble as I have seen that log entry in kern.log
TCP: Possible SYN flooding on port 59380. *Sending cookies*. Check SNMP counters.
So I changed sysctl net.ipv4.tcp_syncookies
to 0 because the endpoints to not handle tcp syn cookies correctly. Finally I restarted my network to get the changes in production
Next time I had to restart the service, the following message was logged
TCP: Possible SYN flooding on port 59380. *Dropping request*. Check SNMP counters.
How can I prevent the system for doing such actions? All necessary counter measures are done by iptables...
© Server Fault or respective owner