disable sending SYN_COOKIES in /etc/sysctl.conf
On Mon, Jun 13, 2011 at 2:20 PM, Omid Kosari <omidkosari_at_yahoo.com> wrote:
>
> Squid Cache: Version 3.1.12.1
> Linux 2.6.38-8-server #42-Ubuntu SMP Mon Apr 11 03:49:04 UTC 2011 x86_64
> x86_64 x86_64 GNU/Linux
> /proc/sys/net/ipv4/tcp_max_syn_backlog is 65536
> /proc/sys/net/ipv4/tcp_syncookies is 0
>
> Average HTTP requests per minute since start: 11700.1
>
> File descriptor usage for squid:
> Maximum number of file descriptors: 16384
> Largest file desc currently in use: 4246
>
>
> /sbin/iptables -t mangle -N DIVERT
> /sbin/iptables -t mangle -A DIVERT -j MARK --set-mark 1
> /sbin/iptables -t mangle -A DIVERT -j ACCEPT
> /sbin/iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
> /sbin/iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY
> --tproxy-mark 0x1/0x1 --on-port 3129
> ip rule add fwmark 1 lookup 100
> ip route add local 0.0.0.0/0 dev lo table 100
>
>
>
> but unfortunately i have thousands of this message in dmesg
>
> Jun 13 15:46:17 cache kernel: [98235.807838] net_ratelimit: 19 callbacks
> suppressed
> Jun 13 15:46:17 cache kernel: [98235.807847] TCP: Possible SYN flooding on
> port 80. Dropping request.
> Jun 13 15:46:17 cache kernel: [98235.808762] TCP: Possible SYN flooding on
> port 80. Dropping request.
> Jun 13 15:46:17 cache kernel: [98235.808831] TCP: Possible SYN flooding on
> port 80. Dropping request.
> Jun 13 15:46:17 cache kernel: [98235.808880] TCP: Possible SYN flooding on
> port 80. Dropping request.
> Jun 13 15:46:17 cache kernel: [98235.898484] TCP: Possible SYN flooding on
> port 80. Dropping request.
> Jun 13 15:46:17 cache kernel: [98236.150304] TCP: Possible SYN flooding on
> port 80. Dropping request.
> Jun 13 15:46:17 cache kernel: [98236.156344] TCP: Possible SYN flooding on
> port 80. Dropping request.
> Jun 13 15:46:17 cache kernel: [98236.172954] TCP: Possible SYN flooding on
> port 80. Dropping request.
> Jun 13 15:46:18 cache kernel: [98236.311873] TCP: Possible SYN flooding on
> port 80. Dropping request.
> Jun 13 15:46:18 cache kernel: [98236.330858] TCP: Possible SYN flooding on
> port 80. Dropping request.
> Jun 13 15:46:22 cache kernel: [98240.914019] net_ratelimit: 256 callbacks
> suppressed
> Jun 13 15:46:22 cache kernel: [98240.914027] TCP: Possible SYN flooding on
> port 80. Dropping request.
> Jun 13 15:46:22 cache kernel: [98240.952442] TCP: Possible SYN flooding on
> port 80. Dropping request.
> Jun 13 15:46:22 cache kernel: [98241.023632] TCP: Possible SYN flooding on
> port 80. Dropping request.
> Jun 13 15:46:22 cache kernel: [98241.031661] TCP: Possible SYN flooding on
> port 80. Dropping request.
> Jun 13 15:46:22 cache kernel: [98241.031770] TCP: Possible SYN flooding on
> port 80. Dropping request.
> Jun 13 15:46:22 cache kernel: [98241.031883] TCP: Possible SYN flooding on
> port 80. Dropping request.
> Jun 13 15:46:22 cache kernel: [98241.031911] TCP: Possible SYN flooding on
> port 80. Dropping request.
> Jun 13 15:46:22 cache kernel: [98241.039737] TCP: Possible SYN flooding on
> port 80. Dropping request.
> Jun 13 15:46:22 cache kernel: [98241.040034] TCP: Possible SYN flooding on
> port 80. Dropping request.
> Jun 13 15:46:22 cache kernel: [98241.080768] TCP: Possible SYN flooding on
> port 80. Dropping request.
>
>
> if more info needed just say the command to run .
>
>
>
>
> --
> View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/possible-SYN-flooding-on-port-3128-Sending-cookies-tp2242687p3593626.html
> Sent from the Squid - Users mailing list archive at Nabble.com.
Received on Mon Jun 13 2011 - 12:17:51 MDT
This archive was generated by hypermail 2.2.0 : Tue Jun 14 2011 - 12:00:02 MDT