disable sending SYN_COOKIES in /etc/sysctl.conf

On Mon, Jun 13, 2011 at 2:20 PM, Omid Kosari <omidkosari@xxxxxxxxx> wrote:
>
> Squid Cache: Version 3.1.12.1
> Linux 2.6.38-8-server #42-Ubuntu SMP Mon Apr 11 03:49:04 UTC 2011 x86_64 x86_64 x86_64 GNU/Linux
> /proc/sys/net/ipv4/tcp_max_syn_backlog is 65536
> /proc/sys/net/ipv4/tcp_syncookies is 0
>
> Average HTTP requests per minute since start: 11700.1
>
> File descriptor usage for squid:
> Maximum number of file descriptors: 16384
> Largest file desc currently in use: 4246
>
>
> /sbin/iptables -t mangle -N DIVERT
> /sbin/iptables -t mangle -A DIVERT -j MARK --set-mark 1
> /sbin/iptables -t mangle -A DIVERT -j ACCEPT
> /sbin/iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
> /sbin/iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3129
> ip rule add fwmark 1 lookup 100
> ip route add local 0.0.0.0/0 dev lo table 100
>
>
>
> but unfortunately i have thousands of this message in dmesg
>
> Jun 13 15:46:17 cache kernel: [98235.807838] net_ratelimit: 19 callbacks suppressed
> Jun 13 15:46:17 cache kernel: [98235.807847] TCP: Possible SYN flooding on port 80. Dropping request.
> Jun 13 15:46:17 cache kernel: [98235.808762] TCP: Possible SYN flooding on port 80. Dropping request.
> Jun 13 15:46:17 cache kernel: [98235.808831] TCP: Possible SYN flooding on port 80. Dropping request.
> Jun 13 15:46:17 cache kernel: [98235.808880] TCP: Possible SYN flooding on port 80. Dropping request.
> Jun 13 15:46:17 cache kernel: [98235.898484] TCP: Possible SYN flooding on port 80. Dropping request.
> Jun 13 15:46:17 cache kernel: [98236.150304] TCP: Possible SYN flooding on port 80. Dropping request.
> Jun 13 15:46:17 cache kernel: [98236.156344] TCP: Possible SYN flooding on port 80. Dropping request.
> Jun 13 15:46:17 cache kernel: [98236.172954] TCP: Possible SYN flooding on port 80. Dropping request.
> Jun 13 15:46:18 cache kernel: [98236.311873] TCP: Possible SYN flooding on port 80. Dropping request.
> Jun 13 15:46:18 cache kernel: [98236.330858] TCP: Possible SYN flooding on port 80. Dropping request.
> Jun 13 15:46:22 cache kernel: [98240.914019] net_ratelimit: 256 callbacks suppressed
> Jun 13 15:46:22 cache kernel: [98240.914027] TCP: Possible SYN flooding on port 80. Dropping request.
> Jun 13 15:46:22 cache kernel: [98240.952442] TCP: Possible SYN flooding on port 80. Dropping request.
> Jun 13 15:46:22 cache kernel: [98241.023632] TCP: Possible SYN flooding on port 80. Dropping request.
> Jun 13 15:46:22 cache kernel: [98241.031661] TCP: Possible SYN flooding on port 80. Dropping request.
> Jun 13 15:46:22 cache kernel: [98241.031770] TCP: Possible SYN flooding on port 80. Dropping request.
> Jun 13 15:46:22 cache kernel: [98241.031883] TCP: Possible SYN flooding on port 80. Dropping request.
> Jun 13 15:46:22 cache kernel: [98241.031911] TCP: Possible SYN flooding on port 80. Dropping request.
> Jun 13 15:46:22 cache kernel: [98241.039737] TCP: Possible SYN flooding on port 80. Dropping request.
> Jun 13 15:46:22 cache kernel: [98241.040034] TCP: Possible SYN flooding on port 80. Dropping request.
> Jun 13 15:46:22 cache kernel: [98241.080768] TCP: Possible SYN flooding on port 80. Dropping request.
>
>
> if more info needed just say the command to run .
>
>
>
>
> --
> View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/possible-SYN-flooding-on-port-3128-Sending-cookies-tp2242687p3593626.html
> Sent from the Squid - Users mailing list archive at Nabble.com.
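
Added example, not part of the original thread: a Python sketch that tallies kernel messages of the kind quoted above, folding in the `net_ratelimit: N callbacks suppressed` counts so the visible lines are not mistaken for the full volume. The sample lines are constructed in the format of that log, `summarize` and its result keys are hypothetical names, and because `net_ratelimit` is shared with other rate-limited network messages the computed rate is an upper bound.

```python
import re
from collections import Counter

# Constructed sample in the format of the dmesg lines quoted in the thread.
SAMPLE = """\
Jun 13 15:46:17 cache kernel: [98235.807838] net_ratelimit: 19 callbacks suppressed
Jun 13 15:46:17 cache kernel: [98235.807847] TCP: Possible SYN flooding on port 80. Dropping request.
Jun 13 15:46:17 cache kernel: [98235.808762] TCP: Possible SYN flooding on port 80. Dropping request.
Jun 13 15:46:22 cache kernel: [98240.914019] net_ratelimit: 256 callbacks suppressed
Jun 13 15:46:22 cache kernel: [98240.914027] TCP: Possible SYN flooding on port 80. Dropping request.
"""

LINE = re.compile(r"kernel: \[\s*(?P<ts>\d+\.\d+)\]\s+(?P<msg>.*)$")
FLOOD = re.compile(r"Possible SYN flooding on port (\d+)\. (Dropping request|Sending cookies)", re.I)
SUPPRESSED = re.compile(r"net_ratelimit: (\d+) callbacks suppressed")

def summarize(text):
    """Tally SYN-flood warnings and rate-limited (hidden) messages."""
    logged = Counter()            # (port, action) -> visible log lines
    suppressed = in_window = 0    # hidden messages: total / after first line
    first = last = None           # kernel uptime stamps bounding the window
    for line in text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        ts, msg = float(m["ts"]), m["msg"]
        s, f = SUPPRESSED.search(msg), FLOOD.search(msg)
        if s:
            n = int(s[1])
            suppressed += n
            # A count on the very first line describes events before the window.
            in_window += n if first is not None else 0
        elif f:
            logged[(int(f[1]), f[2])] += 1
            in_window += 1
        else:
            continue
        first = ts if first is None else first
        last = ts
    window = (last - first) if first is not None else 0.0
    rate = in_window / window if window > 0 else None
    return {"logged": dict(logged), "suppressed": suppressed,
            "window_s": window, "upper_rate_per_s": rate}

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Running it over a full `dmesg` capture shows whether the warnings are a short burst or sustained over time.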