aganguly01 at gmail
Jul 23, 2008, 11:48 AM
Post #1 of 1
(277 views)
Permalink
|
|
Help on Syn flood with Apache
|
|
Hi All,
I am using Apache 2.2 with mpm model as worker in RedHat 3.0.
When I do a dmesg from the command prompt I get lot of the below message
possible SYN flooding on port 84. Sending cookies.
possible SYN flooding on port 82. Sending cookies.
possible SYN flooding on port 81. Sending cookies.
possible SYN flooding on port 84. Sending cookies.
Those are the listening the ports of the Apache.I am having 4 different
instances are running.When I do a netstat of lsof on a particular port I see
SYN_RCV is taking 50 % of the connections, which may have caused the kernel
to throw the "SYN_FLOOD_ATTACK", correct me if I am wrong.
I have the following configuration net.ipv4.tcp_max_syn_backlog = 1024 and
net.ipv4.tcp_syncookies = 1 and net.ipv4.tcp_keepalive_time = 7200
So what would be the workaround for the above scenario, and what is the main
issue it is causing the above behavior.Any help would be very much
appreciated.
Thanks in advance
Regards
Arnab
|
