Jump to content

kernel: possible SYN flooding on port 2790. Sending cookies.


zhanna

Recommended Posts

Hello,

 

I am tried of flooders, my server went down over 15 times in 48 hours.

 

Can anyone please help me how to solve this issue ?

 

Someone is flooding and my server is going down. in /var/log/messages i am getting: kernel: possible SYN flooding on port 2790. Sending cookies.

 

I have to restart my Server to bring it back to stable via command: init 6

 

My Server is Using: lighttpd

 

I am not good with linux, please any of you, help me to stop this flood.

 

Waiting

 

 

Best Regards

Zhanna

Link to comment
Share on other sites

srv63:~# sudo iptables -L

Chain INPUT (policy ACCEPT)

target    prot opt source              destination

DROP      tcp  --  anywhere            anywhere            tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,ACK

DROP      tcp  --  anywhere            anywhere            tcp flags:FIN,SYN/FIN,SYN

DROP      tcp  --  anywhere            anywhere            tcp flags:SYN,RST/SYN,RST

ACCEPT    tcp  --  anywhere            anywhere            tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 1/sec burst 5

 

Chain FORWARD (policy ACCEPT)

target    prot opt source              destination

 

Chain OUTPUT (policy ACCEPT)

target    prot opt source              destination

 

Chain SYN_FLOOD (0 references)

target    prot opt source              destination

RETURN    !tcp  --  anywhere            anywhere

RETURN    tcp  --  anywhere            anywhere            tcp flags:!FIN,SYN,RST,ACK/SYN

 

 

/var/log/messages

Aug 21 06:49:07 srv63 kernel: possible SYN flooding on port 2790. Sending cookies.

Aug 21 06:50:07 srv63 kernel: possible SYN flooding on port 2790. Sending cookies.

Aug 21 06:51:07 srv63 kernel: possible SYN flooding on port 2790. Sending cookies.

Aug 21 07:16:11 srv63 -- MARK --

Aug 21 07:23:24 srv63 kernel: possible SYN flooding on port 2790. Sending cookies.

Aug 21 07:24:24 srv63 kernel: possible SYN flooding on port 2790. Sending cookies.

Aug 21 07:25:24 srv63 kernel: possible SYN flooding on port 2790. Sending cookies.

Aug 21 07:26:24 srv63 kernel: possible SYN flooding on port 2790. Sending cookies.

Aug 21 07:27:24 srv63 kernel: possible SYN flooding on port 2790. Sending cookies.

Aug 21 07:32:00 srv63 kernel: possible SYN flooding on port 2790. Sending cookies.

 

srv63:/# cat /proc/sys/net/ipv4/tcp_syncookies

1

 

 

I am running a Tracker with 115,000 peers.

XBTT is running on port 2790, when my tracker is going down, i tried to bring it back.

 

I am getting this error:

 

./xbt_tracker

bind failed: EADDRINUSE

 

I have to restart my server: init 6 to run XBTT again.

 

My XBTT tracker was online over 97 days without any problems, in the paste 48 hours, it's been down over 15 times.

 

I am very sure, someone is flooding on port: 2790 and crashing my XBT announce.

 

netstat -ant | grep SYN_RECV | wc -l

389

 

cat /proc/sys/net/ipv4/tcp_max_syn_backlog

3024
it was 1024, i made it 3024, my server RAM is 4GB. ( I changed it to 3024, restart needed? I just changed via nano )

 

My website is opening without any problem, just my XBTT software " Tracker " is crashing because of SYN Flood on 2790 port.

 

 

Please let me know how to stop them.

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.