Deactivate SYN flooding mechanism

Posted by mlaug on Server Fault See other posts from Server Fault or by mlaug
Published on 2013-02-25T15:42:30Z Indexed on 2013/10/19 9:57 UTC
Read the original article Hit count: 225

Filed under:

tcp

I am running a server that is running a service on port 59380. There are more than 1000 machines out there connecting to that service. Once I need to restart the service all those machines are connecting at the same time.

That made some trouble as I have seen that log entry in kern.log

TCP: Possible SYN flooding on port 59380. *Sending cookies*.  Check SNMP counters.

So I changed sysctl net.ipv4.tcp_syncookies to 0 because the endpoints to not handle tcp syn cookies correctly. Finally I restarted my network to get the changes in production

Next time I had to restart the service, the following message was logged

TCP: Possible SYN flooding on port 59380. *Dropping request*.  Check SNMP counters.

How can I prevent the system for doing such actions? All necessary counter measures are done by iptables...

Related posts about tcp

TCP RST Reset Every 5 Minutes on Windows 2003 sp2

as seen on Server Fault - Search for 'Server Fault'
Hey, Recently I had a web developer come to me and ask why he was receiving connection errors in his app that was accessing a sql database. So, I went through my normal trouble shooting steps to isolate or reproduce the issue. I discovered that if I connected to the database using Query Analyzer… >>> More
iptables issue on plesk

as seen on Server Fault - Search for 'Server Fault'
i don't know how to open a specific port (rtmp=1935) on my CentOS server using Plesk or itables. I created new rules for port 1935 i/o using Plesk/Modules/Firewall but this doesn't work. Nmap scanning tells me this : 1935/tcp filtered rtmp . So i decided to have look at my iptable using SSH (iptables… >>> More
Httpd problem, suspect an attack but not sure

as seen on Server Fault - Search for 'Server Fault'
On one of my servers when I type netstat -n I get a huge output, something like 400 entries for httpd. The bandwidth on the server isn't high, so I'm confused as to what's causing it. I'm suspecting an attack, but not sure. Intermittently, the web server will stop responding. When this happens… >>> More
Why can blocked IPs get through my iptables? What's wrong with this configuration?

as seen on Server Fault - Search for 'Server Fault'
(Why can/How are) blocked IPs (get/getting) through my iptables? Hello and thanks for your consideration... I have configured iptables and included (below) output from the command "iptables --line-numbers -n -L" yet IP addresses (like 31.41.219.180) from IP blocks I have already blocked are getting… >>> More
iptables syn flood countermeasure

as seen on Server Fault - Search for 'Server Fault'
I'm trying to adjust my iptables firewall to increase the security of my server, and I found something a bit problematic here : I have to set INPUT policy to ACCEPT and, in addition, to have a rule saying iptables -I INPUT -i eth0 -j ACCEPT. Here comes my script (launched manually for tests) : #… >>> More

Developer IT

Deactivate SYN flooding mechanism - Developer IT

Deactivate SYN flooding mechanism

tcp

Related posts about tcp

TCP RST Reset Every 5 Minutes on Windows 2003 sp2

iptables issue on plesk

Httpd problem, suspect an attack but not sure

Why can blocked IPs get through my iptables? What's wrong with this configuration?

iptables syn flood countermeasure

Categories cloud