Error
tail -n100 /var/log/messages
Apr 9 14:51:24 62371 auditd[5044]: Audit daemon rotating log files
Apr 9 14:53:03 62371 kernel: possible SYN flooding on port 22. Sending cookies.
Apr 9 14:56:24 62371 kernel: possible SYN flooding on port 22. Sending cookies.
Apr 9 14:57:24 62371 kernel: possible SYN flooding on port 22. Sending cookies.
Apr 9 14:58:32 62371 kernel: possible SYN flooding on port 22. Sending cookies.
Apr 9 14:59:39 62371 kernel: possible SYN flooding on port 22. Sending cookies.
Apr 9 15:01:54 62371 kernel: possible SYN flooding on port 22. Sending cookies.
Apr 9 15:04:08 62371 kernel: possible SYN flooding on port 22. Sending cookies.
Apr 9 15:05:10 62371 kernel: possible SYN flooding on port 22. Sending cookies.
Apr 9 15:06:17 62371 kernel: possible SYN flooding on port 22. Sending cookies.
Apr 9 15:07:21 62371 kernel: possible SYN flooding on port 22. Sending cookies.
Apr 9 15:08:25 62371 kernel: possible SYN flooding on port 22. Sending cookies.
Apr 9 15:09:30 62371 kernel: possible SYN flooding on port 22. Sending cookies.
Apr 9 15:10:38 62371 kernel: possible SYN flooding on port 22. Sending cookies.
nano /etc/sysctl.conf
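Add the following lines to the file. They rate-limit the warnings the networking code writes to the kernel log; they do not change how SYN packets are handled:
net.core.message_cost = 10
net.core.message_burst = 20
Then run the following command to apply the change: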
sysctl -p
Check
netstat -n -p | grep SYN_REC| awk '{print $5}'|awk -F: '{print $1}' | sort -n | uniq -c | sort -nr | head -n10
# netstat -n -p | grep SYN_REC| awk '{print $5}'|awk -F: '{print $1}' | sort -n | uniq -c | sort -nr | head -n10
1 89.42.252.124
1 36.92.95.10
1 199.223.232.221
1 183.91.23.83
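An added example (not part of the original page): the same per-source count as a shell function that matches on the State column and strips only the trailing port, so IPv6 peers are not truncated at their first colon. The function names and the sample input (documentation-range addresses) are constructed for illustration.

```shell
#!/bin/sh
# Count half-open (SYN_RECV) connections per remote address from
# `netstat -n -t` output read on stdin. Optional $1 = how many rows to show.
syn_recv_by_source() {
    awk '
        # netstat columns: Proto Recv-Q Send-Q Local Foreign State [PID/Program]
        $1 ~ /^tcp/ && $6 == "SYN_RECV" {
            peer = $5
            sub(/:[0-9]+$/, "", peer)   # drop only the port, keep the address
            count[peer]++
        }
        END { for (p in count) print count[p], p }
    ' | sort -k1,1nr -k2,2 | head -n "${1:-10}"
}

# Constructed sample input, not a real capture.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:22           198.51.100.7:40112      SYN_RECV
tcp        0      0 192.0.2.10:22           198.51.100.7:40113      SYN_RECV
tcp        0      0 192.0.2.10:22           203.0.113.9:51000       SYN_RECV
tcp        0      0 192.0.2.10:22           203.0.113.50:51514      ESTABLISHED
tcp6       0      0 2001:db8::10:22         2001:db8::5:33000       SYN_RECV
tcp6       0      0 2001:db8::10:22         2001:db8::5:33001       SYN_RECV
tcp6       0      0 2001:db8::10:22         2001:db8::5:33002       SYN_RECV
EOF
}

# Live use on the affected host:
#   netstat -n -t | syn_recv_by_source 10
sample_netstat | syn_recv_by_source 10
```

A source that keeps many connections in SYN_RECV stands out at the top of the list; a flood with spoofed sources shows up as a long tail of addresses with a count of 1 each, as in the output above.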
How to disable SYN cookies
sysctl -w net.ipv4.tcp_syncookies=0
To keep syncookies disabled across reboots, add the following line to /etc/sysctl.conf:
nano /etc/sysctl.conf
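# disable TCP SYN Flood Protection
net.ipv4.tcp_syncookies=0
Also note that the line in /etc/sysctl.conf takes effect only after a host reboot, unless it is loaded with sysctl -p as above. With SYN cookies disabled, the kernel drops new connection requests once the SYN backlog is full instead of answering them with cookies.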
More on TCP tuning: https://galaxydata.ru/community/optimizaciya-raboty-setevogo-steka-os-lin-61