Posted to users@httpd.apache.org by Arnab Ganguly <ag...@gmail.com> on 2008/07/23 20:48:59 UTC

[users@httpd] Help on Syn flood with Apache

Hi All,
I am using Apache 2.2 with the MPM model as worker on RedHat 3.0.
When I do a dmesg from the command prompt I get a lot of the message below:

possible SYN flooding on port 84. Sending cookies.
possible SYN flooding on port 82. Sending cookies.
possible SYN flooding on port 81. Sending cookies.
possible SYN flooding on port 84. Sending cookies.

Those are the listening ports of Apache. I have 4 different
instances running. When I do a netstat or lsof on a particular port I see
SYN_RCV is taking 50 % of the connections, which may have caused the kernel
to throw the "SYN_FLOOD_ATTACK"; correct me if I am wrong.
I have the following configuration: net.ipv4.tcp_max_syn_backlog = 1024 and
net.ipv4.tcp_syncookies = 1 and net.ipv4.tcp_keepalive_time = 7200

So what would be the workaround for the above scenario, and what is the main
issue that is causing the above behavior? Any help would be very much
appreciated.
Thanks in advance
Regards
Arnab
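
The per-port check described in the message above (counting half-open connections in netstat output) can be scripted; this is an added example, not part of the original post. It assumes the Linux `netstat -ant` column layout, in which the half-open state is printed as SYN_RECV; the function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: per-port share of half-open (SYN_RECV) connections,
# computed from `netstat -ant`-style text on stdin.
# Output, one line per local port: "<port> <syn_recv> <total> <percent>"
syn_recv_share() {
    awk '
        $1 ~ /^tcp/ && $6 != "LISTEN" {
            n = split($4, a, ":")   # local address; the port is the last piece (IPv6 too)
            port = a[n]
            total[port]++
            if ($6 == "SYN_RECV") half[port]++
        }
        END {
            for (p in total)
                printf "%s %d %d %d\n", p, half[p], total[p], (100 * half[p]) / total[p]
        }
    ' | sort -n
}

# Print the ports whose half-open share is at or above a threshold (percent).
flag_ports() {
    threshold=$1
    syn_recv_share | awk -v t="$threshold" '$4 >= t { print $1 }'
}

# Constructed sample input (documentation addresses, not captured from a real host).
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address   Foreign Address      State
tcp        0      0 0.0.0.0:81      0.0.0.0:*            LISTEN
tcp        0      0 0.0.0.0:84      0.0.0.0:*            LISTEN
tcp        0      0 192.0.2.10:84   198.51.100.7:40112   SYN_RECV
tcp        0      0 192.0.2.10:84   198.51.100.8:40113   SYN_RECV
tcp        0      0 192.0.2.10:84   203.0.113.5:51514    ESTABLISHED
tcp        0      0 192.0.2.10:84   203.0.113.6:51515    TIME_WAIT
tcp        0      0 192.0.2.10:81   203.0.113.9:33000    ESTABLISHED
tcp        0      0 192.0.2.10:81   198.51.100.9:40200   SYN_RECV
tcp        0      0 192.0.2.10:81   203.0.113.9:33001    ESTABLISHED
tcp        0      0 192.0.2.10:81   203.0.113.9:33002    ESTABLISHED
EOF
}

# On a live host: netstat -ant | syn_recv_share
sample_netstat | syn_recv_share
```

Running it periodically and comparing the SYN_RECV count per port against net.ipv4.tcp_max_syn_backlog shows which of the Apache instances is filling its SYN queue when the kernel logs the "Sending cookies" message.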