Hello,
under litespeed server I'm getting these errors at /var/log/messages :
Oct 10 19:09:27 01 kernel: TCP: Possible SYN flooding on port 80. Sending cookies.
Oct 10 19:09:27 01 kernel: net_ratelimit: 146 callbacks suppressed
Oct 10 19:09:22 01 last message repeated 9 times
Oct 10 19:09:22 01 kernel: TCP: Possible SYN flooding on port 80. Sending cookies.
Oct 10 19:09:22 01 kernel: net_ratelimit: 677 callbacks suppressed
Oct 10 19:09:17 01 last message repeated 9 times
Oct 10 19:09:16 01 kernel: TCP: Possible SYN flooding on port 80. Sending cookies.
Oct 10 19:09:16 01 kernel: net_ratelimit: 696 callbacks suppressed
Oct 10 19:09:12 01 last message repeated 9 times
Oct 10 19:09:11 01 kernel: TCP: Possible SYN flooding on port 80. Sending cookies.
Oct 10 19:09:11 01 kernel: net_ratelimit: 1309 callbacks suppressed
Oct 10 19:09:07 01 last message repeated 13 times
Oct 10 19:08:52 01 kernel: TCP: Possible SYN flooding on port 80. Sending cookies.
Oct 10 19:08:52 01 kernel: net_ratelimit: 3 callbacks suppressed
Oct 10 19:07:53 01 last message repeated 9 times
Oct 10 19:07:53 01 kernel: TCP: Possible SYN flooding on port 80. Sending cookies.
Oct 10 19:07:53 01 kernel: net_ratelimit: 233 callbacks suppressed
Server is not under any DoS attacks, is simply getting HUGE traffic.
Is probably caused by some tcp setting not correctly tuned. I have been trying with sysctl.conf settings but no way
some info:
#netstat -ant | grep 80 | wc -l
35643
#netstat -ant | grep 80 | awk '{print $6}' | sort | uniq -c | sort -n
1 CLOSING
2 CLOSE_WAIT
3 LISTEN
5 LAST_ACK
49 FIN_WAIT1
71 FIN_WAIT2
208 SYN_RECV
498 ESTABLISHED
34751 TIME_WAIT
under litespeed server I'm getting these errors at /var/log/messages :
Oct 10 19:09:27 01 kernel: TCP: Possible SYN flooding on port 80. Sending cookies.
Oct 10 19:09:27 01 kernel: net_ratelimit: 146 callbacks suppressed
Oct 10 19:09:22 01 last message repeated 9 times
Oct 10 19:09:22 01 kernel: TCP: Possible SYN flooding on port 80. Sending cookies.
Oct 10 19:09:22 01 kernel: net_ratelimit: 677 callbacks suppressed
Oct 10 19:09:17 01 last message repeated 9 times
Oct 10 19:09:16 01 kernel: TCP: Possible SYN flooding on port 80. Sending cookies.
Oct 10 19:09:16 01 kernel: net_ratelimit: 696 callbacks suppressed
Oct 10 19:09:12 01 last message repeated 9 times
Oct 10 19:09:11 01 kernel: TCP: Possible SYN flooding on port 80. Sending cookies.
Oct 10 19:09:11 01 kernel: net_ratelimit: 1309 callbacks suppressed
Oct 10 19:09:07 01 last message repeated 13 times
Oct 10 19:08:52 01 kernel: TCP: Possible SYN flooding on port 80. Sending cookies.
Oct 10 19:08:52 01 kernel: net_ratelimit: 3 callbacks suppressed
Oct 10 19:07:53 01 last message repeated 9 times
Oct 10 19:07:53 01 kernel: TCP: Possible SYN flooding on port 80. Sending cookies.
Oct 10 19:07:53 01 kernel: net_ratelimit: 233 callbacks suppressed
Server is not under any DoS attacks, is simply getting HUGE traffic.
Is probably caused by some tcp setting not correctly tuned. I have been trying with sysctl.conf settings but no way
some info:
#netstat -ant | grep 80 | wc -l
35643
#netstat -ant | grep 80 | awk '{print $6}' | sort | uniq -c | sort -n
1 CLOSING
2 CLOSE_WAIT
3 LISTEN
5 LAST_ACK
49 FIN_WAIT1
71 FIN_WAIT2
208 SYN_RECV
498 ESTABLISHED
34751 TIME_WAIT