Deactivate SYN flooding mechanism

Posted by mlaug on Server Fault See other posts from Server Fault or by mlaug
Published on 2013-02-25T15:42:30Z Indexed on 2013/10/19 9:57 UTC
Read the original article Hit count: 228

Filed under:

I am running a server that is running a service on port 59380. There are more than 1000 machines out there connecting to that service. Once I need to restart the service all those machines are connecting at the same time.

That made some trouble as I have seen that log entry in kern.log

TCP: Possible SYN flooding on port 59380. *Sending cookies*.  Check SNMP counters.

So I changed sysctl net.ipv4.tcp_syncookies to 0 because the endpoints to not handle tcp syn cookies correctly. Finally I restarted my network to get the changes in production

Next time I had to restart the service, the following message was logged

TCP: Possible SYN flooding on port 59380. *Dropping request*.  Check SNMP counters.

How can I prevent the system for doing such actions? All necessary counter measures are done by iptables...

© Server Fault or respective owner

Related posts about tcp