Re: [squid-users] possible SYN flooding on port 3128. Sending cookies

2010-06-06 Thread Khemara Lyn
On 06/06/2010 03:12 AM, Henrik Nordström wrote: lör 2010-06-05 klockan 07:31 +0700 skrev Khemara Lyn: What would be the good values for these parameters? Any extra parameters i should add? Add a zero to tcp_max_syn_backlog perhaps? If that does not help then you need to investigate

Re: [squid-users] possible SYN flooding on port 3128. Sending cookies

2010-06-05 Thread Henrik Nordström
lör 2010-06-05 klockan 07:31 +0700 skrev Khemara Lyn: > What would be the good values for these parameters? > Any extra parameters i should add? Add a zero to tcp_max_syn_backlog perhaps? If that does not help then you need to investigate the issue further. Regards Henrik

Re: [squid-users] possible SYN flooding on port 3128. Sending cookies

2010-06-04 Thread Khemara Lyn
Thank you for your response, Henrik. I have this in /etc/sysctl.conf: net.ipv4.ip_forward = 0 net.ipv4.conf.default.rp_filter = 0 net.ipv4.conf.default.accept_source_route = 0 net.ipv4.tcp_max_syn_backlog = 2048 net.ipv4.tcp_syncookies = 1 net.ipv4.conf.default.accept_redirects = 0 net.ipv4.conf

Re: [squid-users] possible SYN flooding on port 3128. Sending cookies

2010-06-04 Thread Henrik Nordström
fre 2010-06-04 klockan 11:51 +0700 skrev Khemara Lyn: > "Jun 4 11:11:39 cache kernel: possible SYN flooding on port 3128. > Sending cookies." You get this message when the SYN backlog queue is filled in the TCP kernel. This is mainly connections in SYN_RECV state. It is safe to tune up the lim

[squid-users] possible SYN flooding on port 3128. Sending cookies

2010-06-03 Thread Khemara Lyn
Dear All, I could see a lot of instances of the following message in the system log of Fedora 12 running Squid-2.7STABLE9: "Jun 4 11:11:39 cache kernel: possible SYN flooding on port 3128. Sending cookies." Is the system really under SYN flood attack? I tried running this command: netsta

Re: [squid-users] possible SYN flooding on port 3128

2009-11-27 Thread Henrik Nordstrom
ons 2009-11-25 klockan 05:51 -0800 skrev Landy Landy: > I also checked netstat -nat and noticed a lot about 1200 of ESTABLISHED > connections from one ip address. > > I called this person and told me no one was using that machine. > echo 1 > /proc/sys/net/ipv4/tcp_syncookies > > Is this a vi

[squid-users] possible SYN flooding on port 3128

2009-11-25 Thread Landy Landy
Hello. I noticed my internet connection was crawling, not even google.com would open. I checked syslog and noticed: kernel: possible SYN flooding on port 3128. Sending cookies. I also checked netstat -nat and noticed a lot about 1200 of ESTABLISHED connections from one ip address. I called t

Re: [squid-users] possible SYN flooding

2006-12-04 Thread Karl R. Balsmeier
Do you guys know if Apache 2.0.58 servers support the If-Modified-Since HTTP header by default, or is this a squid-specific item that's set within Squid itself? -karl

[squid-users] possible SYN flooding

2006-12-04 Thread wlagmay
Hi All, Im having a problem with my proxy, it is very slow, after I check the messeges I've seen an error like this proxy kernel: possible SYN flooding on port 8080. Sending cookies. Can you please help me on this. Thanks, Wennie