possible SYN flooding on port 3690 Sending cookies

Summary:

possible SYN flooding on port 3690. Sending cookies (reposted)

After enabling syncookies you will often see this warning in the kernel log: "possible SYN flooding on port 3690. Sending cookies".

First, let's look at what sysctl.txt says about the syncookies option:

tcp_syncookies - BOOLEAN
Only valid when the kernel was compiled with CONFIG_SYNCOOKIES
Send out syncookies when the syn backlog queue of a socket
overflows. This is to prevent against the common 'syn flood attack'
Default: FALSE

Note, that syncookies is fallback facility.
It MUST NOT be used to help highly loaded servers to stand
against legal connection rate. If you see synflood warnings
in your logs, but investigation shows that they occur
because of overload with legal connections, you should tune
another parameters until this warning disappear.
See: tcp_max_syn_backlog, tcp_synack_retries, tcp_abort_on_overflow.

If system resources are otherwise fine, in most cases this is not a SYN flood but simply too many concurrent connections.

The note above suggests tuning tcp_max_syn_backlog, tcp_synack_retries and tcp_abort_on_overflow.

net.ipv4.tcp_max_syn_backlog = 20480
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_syn_retries = 1
net.core.netdev_max_backlog = 1000

net.core.netdev_max_backlog = 300000 # number of unprocessed input packets before kernel starts dropping them, default 300

tcp_max_syn_backlog - INTEGER
Maximal number of remembered connection requests, which are
still did not receive an acknowledgment from connecting client.
Default value is 1024 for systems with more than 128Mb of memory,
and 128 for low memory machines. If server suffers of overload,
try to increase this number.

tcp_abort_on_overflow - BOOLEAN
If listening service is too slow to accept new connections,
reset them. Default state is FALSE. It means that if overflow
occurred due to a burst, connection will recover. Enable this
option _only_ if you are really sure that listening daemon
cannot be tuned to accept connections faster. Enabling this
option can harm clients of your server. We'd better leave this one alone.

Finally, after setting net.ipv4.tcp_max_syn_backlog = 819200, the syncookie warning no longer appeared.

/proc/sys/net/ipv4/tcp_max_syn_backlog
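The sysctl.txt note above asks you to tell a genuine SYN flood apart from plain overload before touching syncookies. The script below is an added example, not code from the original post: it reads `ss` output (constructed samples here; the real commands are named in the comments) and separates half-open SYN-RECV sockets piling up against tcp_max_syn_backlog from a listener whose accept queue is full because the daemon accepts too slowly. The 80% threshold and the verdict names are my own heuristic.

```sh
#!/bin/sh
# Added example, not code from the original post. Distinguishes SYN-RECV pressure
# against tcp_max_syn_backlog from a full accept queue (daemon too slow to accept).
# The ss output below is constructed; on a live host run the commands named here.

# Constructed sample of `ss -Htn state syn-recv`
# (Recv-Q Send-Q Local:Port Peer:Port; three half-open sockets on 3690, one on 22)
SYN_RECV_SAMPLE='0 0 10.0.0.5:3690 203.0.113.10:51001
0 0 10.0.0.5:3690 203.0.113.11:51002
0 0 10.0.0.5:3690 203.0.113.12:51003
0 0 10.0.0.5:22 198.51.100.7:40000'

# Constructed sample of `ss -Hltn`. For a LISTEN socket Recv-Q is the current
# accept-queue length and Send-Q its limit, so 128/128 on 3690 means it is full.
LISTEN_SAMPLE='LISTEN 128 128 0.0.0.0:3690 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'

# In both formats the local address is the second-to-last column and the two
# queue columns sit just before it (assumes ss was run without -p).
# syn_recv_count SS_TEXT PORT: number of half-open sockets on PORT
syn_recv_count() {
  printf '%s\n' "$1" | awk -v p="$2" \
    '{ n = split($(NF-1), a, ":"); if (a[n] == p) c++ } END { print c + 0 }'
}

# accept_queue_state SS_TEXT PORT: "full" when Recv-Q >= Send-Q for the listener, else "ok"
accept_queue_state() {
  printf '%s\n' "$1" | awk -v p="$2" \
    '{ n = split($(NF-1), a, ":"); if (a[n] == p) { s = ($(NF-3) >= $(NF-2)) ? "full" : "ok"; print s } }'
}

# backlog_verdict HALF_OPEN MAX_BACKLOG ACCEPT_STATE (heuristic, mirrors the sysctl.txt note):
#   accept queue full            -> "slow-accept"  (tune the daemon, not syncookies)
#   half-open >= 80% of backlog  -> "syn-pressure" (raise tcp_max_syn_backlog or investigate a flood)
#   otherwise                    -> "ok"
backlog_verdict() {
  if [ "$3" = "full" ]; then echo "slow-accept"
  elif [ "$(( $1 * 100 ))" -ge "$(( $2 * 80 ))" ]; then echo "syn-pressure"
  else echo "ok"; fi
}

# Stand-alone run. The backlog limit 4 is made up to fit the tiny sample;
# read the real one from /proc/sys/net/ipv4/tcp_max_syn_backlog.
for port in 3690 22; do
  half_open=$(syn_recv_count "$SYN_RECV_SAMPLE" "$port")
  queue=$(accept_queue_state "$LISTEN_SAMPLE" "$port")
  echo "port $port: syn-recv=$half_open accept-queue=$queue verdict=$(backlog_verdict "$half_open" 4 "$queue")"
done
```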
This article is reposted from 南非波波's 51CTO blog, original link: http://blog.51cto.com/nanfeibobo/1719323; please contact the original author if you wish to repost it.