zhanna Posted August 21, 2008 Share Posted August 21, 2008 Hello, I am tried of flooders, my server went down over 15 times in 48 hours. Can anyone please help me how to solve this issue ? Someone is flooding and my server is going down. in /var/log/messages i am getting: kernel: possible SYN flooding on port 2790. Sending cookies. I have to restart my Server to bring it back to stable via command: init 6 My Server is Using: lighttpd I am not good with linux, please any of you, help me to stop this flood. Waiting Best Regards Zhanna Quote Link to comment https://forums.phpfreaks.com/topic/120753-kernel-possible-syn-flooding-on-port-2790-sending-cookies/ Share on other sites More sharing options...
trq Posted August 21, 2008 Share Posted August 21, 2008 Can we see the output of... sudo iptables -L Quote Link to comment https://forums.phpfreaks.com/topic/120753-kernel-possible-syn-flooding-on-port-2790-sending-cookies/#findComment-622427 Share on other sites More sharing options...
zhanna Posted August 21, 2008 Author Share Posted August 21, 2008 srv63:~# sudo iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,ACK DROP tcp -- anywhere anywhere tcp flags:FIN,SYN/FIN,SYN DROP tcp -- anywhere anywhere tcp flags:SYN,RST/SYN,RST ACCEPT tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 1/sec burst 5 Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination Chain SYN_FLOOD (0 references) target prot opt source destination RETURN !tcp -- anywhere anywhere RETURN tcp -- anywhere anywhere tcp flags:!FIN,SYN,RST,ACK/SYN /var/log/messages Aug 21 06:49:07 srv63 kernel: possible SYN flooding on port 2790. Sending cookies. Aug 21 06:50:07 srv63 kernel: possible SYN flooding on port 2790. Sending cookies. Aug 21 06:51:07 srv63 kernel: possible SYN flooding on port 2790. Sending cookies. Aug 21 07:16:11 srv63 -- MARK -- Aug 21 07:23:24 srv63 kernel: possible SYN flooding on port 2790. Sending cookies. Aug 21 07:24:24 srv63 kernel: possible SYN flooding on port 2790. Sending cookies. Aug 21 07:25:24 srv63 kernel: possible SYN flooding on port 2790. Sending cookies. Aug 21 07:26:24 srv63 kernel: possible SYN flooding on port 2790. Sending cookies. Aug 21 07:27:24 srv63 kernel: possible SYN flooding on port 2790. Sending cookies. Aug 21 07:32:00 srv63 kernel: possible SYN flooding on port 2790. Sending cookies. srv63:/# cat /proc/sys/net/ipv4/tcp_syncookies 1 I am running a Tracker with 115,000 peers. XBTT is running on port 2790, when my tracker is going down, i tried to bring it back. I am getting this error: ./xbt_tracker bind failed: EADDRINUSE I have to restart my server: init 6 to run XBTT again. My XBTT tracker was online over 97 days without any problems, in the paste 48 hours, it's been down over 15 times. I am very sure, someone is flooding on port: 2790 and crashing my XBT announce. netstat -ant | grep SYN_RECV | wc -l 389 cat /proc/sys/net/ipv4/tcp_max_syn_backlog 3024 it was 1024, i made it 3024, my server RAM is 4GB. ( I changed it to 3024, restart needed? I just changed via nano ) My website is opening without any problem, just my XBTT software " Tracker " is crashing because of SYN Flood on 2790 port. Please let me know how to stop them. Quote Link to comment https://forums.phpfreaks.com/topic/120753-kernel-possible-syn-flooding-on-port-2790-sending-cookies/#findComment-622441 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.