You are not logged in.

#1 2011-08-05 00:51:46

foolosophy
Member
Registered: 2009-04-17
Posts: 48

TCP: Possible SYN flooding on port XXXXX. Dropping request.

Hi there.

I'm running deluge (bittorrent client) on my server and I get this message constantly on /var/log/messages:

TCP: Possible SYN flooding on port XXXXX. Dropping request.


If I change deluge's port, it's the same.
I used to receive the same message but with "Sending cookie" at the end. That is very common and has been around for a long time: http://cr.yp.to/syncookies.html
I disabled syncookies in /etc/sysctl.conf with
net.ipv4.tcp_syncookies=0

But I can't find any setting in there nor in /proc/sys/net/ipv4/ that also avoids dropping requests!

Do you know where can I change this setting?

Offline

#2 2011-08-05 02:50:20

fukawi2
Ex-Administratorino
From: .vic.au
Registered: 2007-09-28
Posts: 6,229
Website

Re: TCP: Possible SYN flooding on port XXXXX. Dropping request.

foolosophy wrote:

TCP: Possible SYN flooding on port XXXXX. Dropping request.

Are you sure it's the kernel doing that? Can you post an extract of the log message in context?

Offline

#3 2011-08-05 03:14:23

foolosophy
Member
Registered: 2009-04-17
Posts: 48

Re: TCP: Possible SYN flooding on port XXXXX. Dropping request.

Yeah, I'm sure.

Aug  5 00:09:47 localhost kernel: [95203.513298] TCP: Possible SYN flooding on port 53126. Dropping request.
Aug  5 00:09:51 localhost kernel: [95207.579043] net_ratelimit: 9 callbacks suppressed
Aug  5 00:09:51 localhost kernel: [95207.579056] TCP: Possible SYN flooding on port 53126. Dropping request.
Aug  5 00:09:52 localhost kernel: [95207.790862] TCP: Possible SYN flooding on port 53126. Dropping request.
Aug  5 00:09:54 localhost kernel: [95210.220548] TCP: Possible SYN flooding on port 53126. Dropping request.
Aug  5 00:09:56 localhost kernel: [95212.420897] TCP: Possible SYN flooding on port 53126. Dropping request.
Aug  5 00:10:00 localhost kernel: [95215.697721] TCP: Possible SYN flooding on port 53126. Dropping request.
Aug  5 00:10:00 localhost kernel: [95216.097729] TCP: Possible SYN flooding on port 53126. Dropping request.
Aug  5 00:10:00 localhost kernel: [95216.185843] TCP: Possible SYN flooding on port 53126. Dropping request.
Aug  5 00:10:14 localhost kernel: [95230.395110] TCP: Possible SYN flooding on port 53126. Dropping request.
Aug  5 00:10:15 localhost kernel: [95230.981584] TCP: Possible SYN flooding on port 53126. Dropping request.
Aug  5 00:10:16 localhost kernel: [95232.342224] TCP: Possible SYN flooding on port 53126. Dropping request.
Aug  5 00:10:16 localhost kernel: [95232.420052] TCP: Possible SYN flooding on port 53126. Dropping request.
Aug  5 00:10:16 localhost kernel: [95232.420237] TCP: Possible SYN flooding on port 53126. Dropping request.
Aug  5 00:10:17 localhost kernel: [95232.716283] TCP: Possible SYN flooding on port 53126. Dropping request.
Aug  5 00:10:17 localhost kernel: [95232.739409] TCP: Possible SYN flooding on port 53126. Dropping request.
Aug  5 00:10:17 localhost kernel: [95233.290902] TCP: Possible SYN flooding on port 53126. Dropping request.
Aug  5 00:10:17 localhost kernel: [95233.382954] TCP: Possible SYN flooding on port 53126. Dropping request.
Aug  5 00:10:17 localhost kernel: [95233.411097] TCP: Possible SYN flooding on port 53126. Dropping request.
Aug  5 00:10:21 localhost kernel: [95236.701556] net_ratelimit: 2 callbacks suppressed
Aug  5 00:10:21 localhost kernel: [95236.701565] TCP: Possible SYN flooding on port 53126. Dropping request.

and on and on and on...

Offline

#4 2011-08-05 06:53:33

fukawi2
Ex-Administratorino
From: .vic.au
Registered: 2007-09-28
Posts: 6,229
Website

Re: TCP: Possible SYN flooding on port XXXXX. Dropping request.

Interesting.... I'm not sure, maybe you're filling up conntrack table or some other kernel limit?

Offline

#5 2011-08-11 01:04:11

foolosophy
Member
Registered: 2009-04-17
Posts: 48

Re: TCP: Possible SYN flooding on port XXXXX. Dropping request.

Help please...

Offline

#6 2011-10-28 04:05:15

student975
Member
From: Russian Federation
Registered: 2011-03-05
Posts: 613

Re: TCP: Possible SYN flooding on port XXXXX. Dropping request.

@foolosophy

Have you found a reason/solution?

@fukawi2

I met the issue without iptables - just on local ApacheBench-ing of an http server.


"I exist" is the best myth I know..

Offline

#7 2011-10-28 04:08:48

foolosophy
Member
Registered: 2009-04-17
Posts: 48

Re: TCP: Possible SYN flooding on port XXXXX. Dropping request.

Nope. Still getting it. I decided to ignore it, given that Deluge is working fine anyway.

Offline

#8 2011-10-28 06:28:19

itman
Member
From: Switzerland
Registered: 2010-05-21
Posts: 124

Re: TCP: Possible SYN flooding on port XXXXX. Dropping request.

deluge user here...

isn't it the other way around?

net.ipv4.tcp_syncookies=1

Offline

#9 2011-10-28 17:07:37

foolosophy
Member
Registered: 2009-04-17
Posts: 48

Re: TCP: Possible SYN flooding on port XXXXX. Dropping request.

That would enable sending cookies... Instead of saying "dropping request", it would say "sending cookie".

EDIT: See http://cr.yp.to/syncookies.html

Last edited by foolosophy (2011-10-28 17:08:20)

Offline

#10 2011-10-28 17:47:09

itman
Member
From: Switzerland
Registered: 2010-05-21
Posts: 124

Re: TCP: Possible SYN flooding on port XXXXX. Dropping request.

hmmm - anyway no "SYN flooding" messages in any log-files...

I sense a misconception here: setting

net.ipv4.tcp_syncookies=1

protects you from those.

Offline

#11 2011-10-28 18:11:26

foolosophy
Member
Registered: 2009-04-17
Posts: 48

Re: TCP: Possible SYN flooding on port XXXXX. Dropping request.

No misconception. I just think the kernel is getting false positives; I don't think I'm being DoSed, it's just normal torrent traffic.

Offline

#12 2011-10-28 21:36:34

Leonid.I
Member
From: Aethyr
Registered: 2009-03-22
Posts: 999

Re: TCP: Possible SYN flooding on port XXXXX. Dropping request.

@foolosophy:
Have you seen this: https://bugzilla.redhat.com/show_bug.cgi?id=734991

@all:
I am confused now regarding syncookies. Because according to

/usr/src/linux-3.0-ARCH/Documentation/networking/ip-sysctl.txt

we must have CONFIG_SYNCOOKIES=y in kernel config, but /proc/config.gz doesn't have this option.


Arch Linux is more than just GNU/Linux -- it's an adventure
pkill -9 systemd

Offline

#13 2011-10-29 13:39:41

R00KIE
Forum Fellow
From: Between a computer and a chair
Registered: 2008-09-14
Posts: 4,734

Re: TCP: Possible SYN flooding on port XXXXX. Dropping request.

You sure you didn't miss it?

> zgrep COOKIES /proc/config.gz 
CONFIG_SYN_COOKIES=y

R00KIE
Tm90aGluZyB0byBzZWUgaGVyZSwgbW92ZSBhbG9uZy4K

Offline

Board footer

Powered by FluxBB