zhanna Posted August 21, 2008 Share Posted August 21, 2008 Hello, I am tried of flooders, my server went down over 15 times in 48 hours. Can anyone please help me how to solve this issue ? Someone is flooding and my server is going down. in /var/log/messages i am getting: kernel: possible SYN flooding on port 2790. Sending cookies. I have to restart my Server to bring it back to stable via command: init 6 My Server is Using: lighttpd I am not good with linux, please any of you, help me to stop this flood. Waiting Best Regards Zhanna Link to comment https://forums.phpfreaks.com/topic/120753-kernel-possible-syn-flooding-on-port-2790-sending-cookies/ Share on other sites More sharing options...
trq Posted August 21, 2008 Share Posted August 21, 2008 Can we see the output of... sudo iptables -L Link to comment https://forums.phpfreaks.com/topic/120753-kernel-possible-syn-flooding-on-port-2790-sending-cookies/#findComment-622427 Share on other sites More sharing options...
zhanna Posted August 21, 2008 Author Share Posted August 21, 2008 srv63:~# sudo iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,ACK DROP tcp -- anywhere anywhere tcp flags:FIN,SYN/FIN,SYN DROP tcp -- anywhere anywhere tcp flags:SYN,RST/SYN,RST ACCEPT tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 1/sec burst 5 Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination Chain SYN_FLOOD (0 references) target prot opt source destination RETURN !tcp -- anywhere anywhere RETURN tcp -- anywhere anywhere tcp flags:!FIN,SYN,RST,ACK/SYN /var/log/messages Aug 21 06:49:07 srv63 kernel: possible SYN flooding on port 2790. Sending cookies. Aug 21 06:50:07 srv63 kernel: possible SYN flooding on port 2790. Sending cookies. Aug 21 06:51:07 srv63 kernel: possible SYN flooding on port 2790. Sending cookies. Aug 21 07:16:11 srv63 -- MARK -- Aug 21 07:23:24 srv63 kernel: possible SYN flooding on port 2790. Sending cookies. Aug 21 07:24:24 srv63 kernel: possible SYN flooding on port 2790. Sending cookies. Aug 21 07:25:24 srv63 kernel: possible SYN flooding on port 2790. Sending cookies. Aug 21 07:26:24 srv63 kernel: possible SYN flooding on port 2790. Sending cookies. Aug 21 07:27:24 srv63 kernel: possible SYN flooding on port 2790. Sending cookies. Aug 21 07:32:00 srv63 kernel: possible SYN flooding on port 2790. Sending cookies. srv63:/# cat /proc/sys/net/ipv4/tcp_syncookies 1 I am running a Tracker with 115,000 peers. XBTT is running on port 2790, when my tracker is going down, i tried to bring it back. I am getting this error: ./xbt_tracker bind failed: EADDRINUSE I have to restart my server: init 6 to run XBTT again. My XBTT tracker was online over 97 days without any problems, in the paste 48 hours, it's been down over 15 times. I am very sure, someone is flooding on port: 2790 and crashing my XBT announce. netstat -ant | grep SYN_RECV | wc -l 389 cat /proc/sys/net/ipv4/tcp_max_syn_backlog 3024 it was 1024, i made it 3024, my server RAM is 4GB. ( I changed it to 3024, restart needed? I just changed via nano ) My website is opening without any problem, just my XBTT software " Tracker " is crashing because of SYN Flood on 2790 port. Please let me know how to stop them. Link to comment https://forums.phpfreaks.com/topic/120753-kernel-possible-syn-flooding-on-port-2790-sending-cookies/#findComment-622441 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.