Possible syn flood on webserver
Hi,
I've set up a server using sarge apache2-prefork/php4/kernel-2.6.8 with
a really light website. For the first high-traffic usage of this server,
I limited apache2 to 1000 concurrent connections and we had 1000
concurrent connections with a traffic of about 10Mbit/s. No more
connections were possible, so I increased it to 2000 and it went up to
2000. The same happened, so I changed it to 4000 and got 3000 apache
processes. I was able to connect locally with lynx, but not remotely.
Ssh was slow too; server load was not much more than 2, memory not full,
cpu 50% idle. And I saw in my logs a lot of "TCP: drop open request
from ..." with a lot of different source IPs. I then enabled syncookies
and got a lot of

    possible SYN flooding on port 80. Sending cookies.
    dropping request, synflood is possible

but the server still didn't respond to new requests.
The server was using ip_conntrack for a little firewalling, so I checked
that /proc/net/ip_conntrack is less than
/proc/sys/net/ipv4/ip_conntrack_max (it was OK).
Any idea of what happened? Was this a synflood, a misconfiguration (maybe
TCP related), ...? Any hints on tuning this configuration?
Thanks for any help :)
--
Emmanuel Lacour ------------------------------------ Easter-eggs
44-46 rue de l'Ouest - 75014 Paris - France - Métro Gaité
Phone: +33 (0) 1 43 35 00 37 - Fax: +33 (0) 1 41 35 00 76
mailto:elacour@easter-eggs.com - http://www.easter-eggs.com
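
An added example, not part of the original post: one way to look at the symptom described above is to count half-open (SYN_RECV) versus established sockets on port 80 in /proc/net/tcp and see how many distinct sources hold the half-open ones. The sample table is constructed, the function names are hypothetical, and the address decoding assumes a little-endian host.

```python
import socket
import struct
from collections import Counter

SYN_RECV, ESTABLISHED = 0x03, 0x01  # state codes in the "st" column

# Constructed sample in /proc/net/tcp layout; addresses are documentation ranges.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt uid timeout inode
   0: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000 0 0 1
   1: 0A00000A:0050 010200C0:C001 03 00000000:00000000 01:00000000 00000000 0 0 0
   2: 0A00000A:0050 010200C0:C002 03 00000000:00000000 01:00000000 00000000 0 0 0
   3: 0A00000A:0050 020200C0:9C40 03 00000000:00000000 01:00000000 00000000 0 0 0
   4: 0A00000A:0050 076433C6:D431 03 00000000:00000000 01:00000000 00000000 0 0 0
   5: 0A00000A:0050 097100CB:8F10 01 00000000:00000000 00:00000000 00000000 33 0 2
   6: 0A00000A:0016 097100CB:8F11 03 00000000:00000000 01:00000000 00000000 0 0 0
"""

def decode_addr(field):
    """'010200C0:0050' -> ('192.0.2.1', 80); assumes a little-endian host (x86)."""
    ip_hex, port_hex = field.split(":")
    return socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16))), int(port_hex, 16)

def summarise(table, port=80):
    """Count half-open (SYN_RECV) and established sockets on one local port."""
    half_open, established = Counter(), 0
    for line in table.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) < 4 or decode_addr(fields[1])[1] != port:
            continue
        state = int(fields[3], 16)
        if state == SYN_RECV:
            half_open[decode_addr(fields[2])[0]] += 1
        elif state == ESTABLISHED:
            established += 1
    return {"syn_recv": sum(half_open.values()),
            "syn_recv_sources": len(half_open),
            "established": established,
            "top_sources": half_open.most_common(3)}

if __name__ == "__main__":
    try:
        with open("/proc/net/tcp") as fh:        # live table on a Linux host
            table = fh.read()
    except OSError:
        table = SAMPLE                           # fall back to the constructed sample
    print(summarise(table))
```

A large syn_recv count spread over many sources, next to a small established count, means handshakes are not completing; a large established count points at the Apache connection limit instead.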