[squid-users] Re: possible SYN flooding on port 3128. Sending cookies

From: Omid Kosari <omidkosari_at_yahoo.com>
Date: Mon, 13 Jun 2011 04:20:09 -0700 (PDT)

Squid Cache: Version 3.1.12.1
Linux 2.6.38-8-server #42-Ubuntu SMP Mon Apr 11 03:49:04 UTC 2011 x86_64 x86_64 x86_64 GNU/Linux
/proc/sys/net/ipv4/tcp_max_syn_backlog is 65536
/proc/sys/net/ipv4/tcp_syncookies is 0

        Average HTTP requests per minute since start: 11700.1

File descriptor usage for squid:
        Maximum number of file descriptors: 16384
        Largest file desc currently in use: 4246

/sbin/iptables -t mangle -N DIVERT
/sbin/iptables -t mangle -A DIVERT -j MARK --set-mark 1
/sbin/iptables -t mangle -A DIVERT -j ACCEPT
/sbin/iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
/sbin/iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3129
ip rule add fwmark 1 lookup 100
ip route add local 0.0.0.0/0 dev lo table 100

But unfortunately I have thousands of these messages in dmesg:

Jun 13 15:46:17 cache kernel: [98235.807838] net_ratelimit: 19 callbacks suppressed
Jun 13 15:46:17 cache kernel: [98235.807847] TCP: Possible SYN flooding on port 80. Dropping request.
Jun 13 15:46:17 cache kernel: [98235.808762] TCP: Possible SYN flooding on port 80. Dropping request.
Jun 13 15:46:17 cache kernel: [98235.808831] TCP: Possible SYN flooding on port 80. Dropping request.
Jun 13 15:46:17 cache kernel: [98235.808880] TCP: Possible SYN flooding on port 80. Dropping request.
Jun 13 15:46:17 cache kernel: [98235.898484] TCP: Possible SYN flooding on port 80. Dropping request.
Jun 13 15:46:17 cache kernel: [98236.150304] TCP: Possible SYN flooding on port 80. Dropping request.
Jun 13 15:46:17 cache kernel: [98236.156344] TCP: Possible SYN flooding on port 80. Dropping request.
Jun 13 15:46:17 cache kernel: [98236.172954] TCP: Possible SYN flooding on port 80. Dropping request.
Jun 13 15:46:18 cache kernel: [98236.311873] TCP: Possible SYN flooding on port 80. Dropping request.
Jun 13 15:46:18 cache kernel: [98236.330858] TCP: Possible SYN flooding on port 80. Dropping request.
Jun 13 15:46:22 cache kernel: [98240.914019] net_ratelimit: 256 callbacks suppressed
Jun 13 15:46:22 cache kernel: [98240.914027] TCP: Possible SYN flooding on port 80. Dropping request.
Jun 13 15:46:22 cache kernel: [98240.952442] TCP: Possible SYN flooding on port 80. Dropping request.
Jun 13 15:46:22 cache kernel: [98241.023632] TCP: Possible SYN flooding on port 80. Dropping request.
Jun 13 15:46:22 cache kernel: [98241.031661] TCP: Possible SYN flooding on port 80. Dropping request.
Jun 13 15:46:22 cache kernel: [98241.031770] TCP: Possible SYN flooding on port 80. Dropping request.
Jun 13 15:46:22 cache kernel: [98241.031883] TCP: Possible SYN flooding on port 80. Dropping request.
Jun 13 15:46:22 cache kernel: [98241.031911] TCP: Possible SYN flooding on port 80. Dropping request.
Jun 13 15:46:22 cache kernel: [98241.039737] TCP: Possible SYN flooding on port 80. Dropping request.
Jun 13 15:46:22 cache kernel: [98241.040034] TCP: Possible SYN flooding on port 80. Dropping request.
Jun 13 15:46:22 cache kernel: [98241.080768] TCP: Possible SYN flooding on port 80. Dropping request.

If more info is needed, just say the command to run.

Received on Mon Jun 13 2011 - 11:20:12 MDT
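
Added example, not part of the original post: a small Python tally for dmesg output like that quoted above. It re-joins records folded by the mail client, counts warnings per port and action, and adds up the net_ratelimit "callbacks suppressed" figures, since the lines that reach the log are only a fraction of the messages the kernel generated. The function names are illustrative, and the "Sending cookies" action is taken from the thread subject.

```python
import re
from collections import Counter

# Excerpt of the dmesg output quoted in the post, folded as the mail client left it.
SAMPLE = """\
Jun 13 15:46:17 cache kernel: [98235.807838] net_ratelimit: 19 callbacks
suppressed
Jun 13 15:46:17 cache kernel: [98235.807847] TCP: Possible SYN flooding on
port 80. Dropping request.
Jun 13 15:46:17 cache kernel: [98235.808762] TCP: Possible SYN flooding on
port 80. Dropping request.
Jun 13 15:46:22 cache kernel: [98240.914019] net_ratelimit: 256 callbacks
suppressed
Jun 13 15:46:22 cache kernel: [98240.914027] TCP: Possible SYN flooding on
port 80. Dropping request.
"""

EVENT = re.compile(r"\[\s*(\d+)\.\d+\] (?:TCP: )?[Pp]ossible SYN flooding on port (\d+)\. "
                   r"(Dropping request|Sending cookies)")
SUPPRESSED = re.compile(r"net_ratelimit: (\d+) callbacks suppressed")

def unwrap(text):
    """Re-join folded records: a continuation line has no 'kernel: [' stamp."""
    records = []
    for line in text.splitlines():
        if "kernel: [" in line:
            records.append(line.strip())
        elif records and line.strip():
            records[-1] += " " + line.strip()
    return records

def summarize(text):
    logged = Counter()      # (port, action) -> warnings that reached the log
    per_second = Counter()  # kernel uptime second -> warnings logged
    suppressed = 0          # all rate-limited kernel messages, not only SYN warnings
    for record in unwrap(text):
        s, e = SUPPRESSED.search(record), EVENT.search(record)
        if s:
            suppressed += int(s.group(1))
        elif e:
            logged[(int(e.group(2)), e.group(3))] += 1
            per_second[int(e.group(1))] += 1
    return {"logged": dict(logged), "suppressed": suppressed,
            "upper_bound": sum(logged.values()) + suppressed,
            "peak_logged_per_second": max(per_second.values(), default=0)}

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

"upper_bound" is an upper bound on SYN warnings because the suppressed count covers every message the kernel rate limit dropped.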
