I don't know if this is an actual problem or not, but it's worth checking the conntrack tables to see if they're blossoming.

Oh, and this is perhaps related: stateful firewalling might defeat SYN cookies, as you can't have stateful firewalling without maintaining state and SYN cookies work by not maintaining state.

REDIRECT tcp - anywhere anywhere tcp dpt:www redir ports 8080

I'm using iptables NAT table to redirect incoming connections in port 80 to 8080

Kernel: TCP: Possible SYN flooding on port 8080. Sending cookies.

And cat /proc/sys/net/ipv4/tcp_syncookies results in 1

Any clues?

> Are SYN cookies actually working? While this is happening, you shouldn't see the connections in SYN_RECV state on your server.

Kernel: TCP: Possible SYN flooding on port 8080.

However kern.log is filled with messages like this:

Hm, then maybe it is not working, since the way in which I detected the syn flood attack was by running that command and seeing that a single ip was generating hundreds of SYN_RECV connections.

I'd bypass my stateful firewalling and try it over IPv6, but hping3 doesn't do IPv6 and I've got better things to do with my day :-)

This made it look like my site was down from here, but only over IPv4… IPv6 from here and IPv4 from everywhere else was fine.

(netstat -nt)

Also, you're trying the hping3 from somewhere that isn't behind a firewall or NAT, correct? I just tried to reproduce this here, but my NAT promptly went apepoop and stopped the flood.
Not before my target syslog'd this, though: