Possible SYN flooding on port xxx. Sending cookies (Linux)

From ben.goodacre.name/tech

Jump to: navigation, search

Contents

Symptom

dmesg shows that possible SYN flooding is occurring:

$ dmesg
.......
possible SYN flooding on port xxx. Sending cookies.
possible SYN flooding on port xxx. Sending cookies.
possible SYN flooding on port yyy. Sending cookies.
possible SYN flooding on port yyy. Sending cookies.
possible SYN flooding on port xxx. Sending cookies.
possible SYN flooding on port xxx. Sending cookies.
possible SYN flooding on port xxx. Sending cookies.

Cause

$ cat /proc/sys/net/ipv4/tcp_max_syn_backlog 
1024

Resolution

Adjust the size, 4096 is recommended unless the box has a minute amount of memory in modern standards (<1Gb).

# echo "4096" >/proc/sys/net/ipv4/tcp_max_syn_backlog

See Also

tcp_max_syn_backlog | LinuxInsight

Personal tools
Namespaces
Variants
Actions
Navigation
Toolbox