RE: [squid-users] Dmesg message in kernel 2.4 !

From: Account For Cache Group <cachemail@dont-contact.us>
Date: Sun, 9 Jun 2002 12:28:34 +0430 (IRST)

You can also rate limit your requests using iptables and the "limit"
module. For example, if you only need 40 req/second, you can limit the
maximum number of received packets (those with the SYN flag enabled) to 40.

This is another approach to defeating SYN flooding; the first way is
tcp_syncookies.

Mahmoud Taghizadeh

On Tue, 4 Jun 2002, Hamid Hashemi Golpayegani wrote:

> Thanks Henrik,
>
> Yeah, all of my clients are dial-up users, and I have also checked
> /proc/sys/net/ipv4 and there is no file named tcp_syncookies. Maybe I
> did not choose some feature when compiling the kernel. Is it
> sufficient to increase /proc/sys/net/ipv4/tcp_max_syn_backlog
> (currently 1024) and restart Squid, or should I recompile the kernel
> and make tcp_syncookies available?!
>
> --
> Regards
>
> =================================================================
> / Seyyed Hamid Reza / WINDOWS FOR NOW !! /
> / Hashemi Golpayegani / Linux for future , FreeBSD for ever /
> / Morva System Co. / ------------------------------------- /
> / Network Administrator/ hamid@morva.net , ICQ# : 42209876 /
> ================================================================
>
> -----Original Message-----
> From: Henrik Nordstrom [mailto:hno@marasystems.com]
> Sent: Tuesday, June 04, 2002 3:24 AM
> To: Hamid Hashemi Golpayegani; squid-users@squid-cache.org
> Subject: Re: [squid-users] Dmesg message in kernel 2.4 !
>
>
> Your TCP SYN backlog is filled.. either by someone SYN flooding you,
> or by having too many slow clients..
>
> Try increasing /proc/sys/net/ipv4/tcp_max_syn_backlog (a restart of
> Squid may be needed), or enabling SYN cookies.. (echo 1
> >/proc/sys/net/ipv4/tcp_syncookies)
>
> Regards
> Henrik
>
>
>
> On Tuesday 04 June 2002 00:39, Hamid Hashemi Golpayegani wrote:
> > Hi ,
> >
> > I have recently changed my kernel version from 2.2.20 to 2.4.18 and
> > everything works fine, but there is a message in my dmesg that I think
> > is because of some attack setting in kernel 2.4:
> >
> > TCP: drop open request from 62.220.111.42/3698
> > TCP: drop open request from 62.220.111.42/3699
> > NET: 338 messages suppressed.
> >
> > I got this message for different IP addresses many times. What does
> > this mean?! I think that I must increase some parameter in proc to
> > solve this problem. Any idea?!
>
>
>
>
Received on Sun Jun 09 2002 - 02:11:40 MDT
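
The checks and the rate limit discussed in this thread, as an added example that is not part of the original messages: it tallies the "drop open request" lines per source, reports the two /proc settings, and prints (without applying) iptables "limit" rules. Port 3128 (Squid's default), the burst value, the address 192.0.2.7 and all function names are assumptions; the sample log is constructed in the format quoted above.

```shell
#!/bin/sh
# Constructed sample in the format of the dmesg lines quoted in the thread.
SAMPLE_DMESG='TCP: drop open request from 62.220.111.42/3698
TCP: drop open request from 62.220.111.42/3699
NET: 338 messages suppressed.
TCP: drop open request from 192.0.2.7/1045'

# Count dropped open requests per source address, busiest first.
# Reads kernel log text on stdin, prints "<count> <ip>" lines.
count_drops() {
    awk '/TCP: drop open request from / {
             split($NF, a, "/"); n[a[1]]++      # $NF is "ip/port"
         }
         END { for (ip in n) print n[ip], ip }' | sort -k1,1nr -k2,2
}

# Sum the log lines the kernel rate-limited away; the visible drop lines
# are only a sample of what actually happened.
suppressed_total() {
    awk '/NET: [0-9]+ messages suppressed/ { s += $2 } END { print s + 0 }'
}

# Report the two settings named in the thread. "absent" for tcp_syncookies
# means the kernel was built without SYN cookie support (CONFIG_SYN_COOKIES).
syn_settings() {
    for f in tcp_max_syn_backlog tcp_syncookies; do
        p=/proc/sys/net/ipv4/$f
        if [ -r "$p" ]; then echo "$f=$(cat "$p")"; else echo "$f=absent"; fi
    done
}

# Print iptables rules that accept new connections (SYN set) to a port up
# to a rate per second and drop the excess. Review before running as root.
# Usage: syn_limit_rules <port> <rate> [burst]   (burst defaults to rate)
syn_limit_rules() {
    port=$1 rate=$2 burst=${3:-$2}
    echo "iptables -A INPUT -p tcp --syn --dport $port -m limit --limit $rate/second --limit-burst $burst -j ACCEPT"
    echo "iptables -A INPUT -p tcp --syn --dport $port -j DROP"
}

printf '%s\n' "$SAMPLE_DMESG" | count_drops
echo "suppressed: $(printf '%s\n' "$SAMPLE_DMESG" | suppressed_total)"
syn_settings
syn_limit_rules 3128 40
```

The limit match counts all SYNs to the port together, not per client, so once the rate is exceeded legitimate new connections are dropped along with the rest.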

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:08:37 MST