GalaxyData Community

kernel: possible SYN flooding on port 22. Sending cookies. CentOS 6, 7

Error

tail -n100 /var/log/messages

Apr  9 14:51:24 62371 auditd[5044]: Audit daemon rotating log files
Apr  9 14:53:03 62371 kernel: possible SYN flooding on port 22. Sending cookies.
Apr  9 14:56:24 62371 kernel: possible SYN flooding on port 22. Sending cookies.
Apr  9 14:57:24 62371 kernel: possible SYN flooding on port 22. Sending cookies.
Apr  9 14:58:32 62371 kernel: possible SYN flooding on port 22. Sending cookies.
Apr  9 14:59:39 62371 kernel: possible SYN flooding on port 22. Sending cookies.
Apr  9 15:01:54 62371 kernel: possible SYN flooding on port 22. Sending cookies.
Apr  9 15:04:08 62371 kernel: possible SYN flooding on port 22. Sending cookies.
Apr  9 15:05:10 62371 kernel: possible SYN flooding on port 22. Sending cookies.
Apr  9 15:06:17 62371 kernel: possible SYN flooding on port 22. Sending cookies.
Apr  9 15:07:21 62371 kernel: possible SYN flooding on port 22. Sending cookies.
Apr  9 15:08:25 62371 kernel: possible SYN flooding on port 22. Sending cookies.
Apr  9 15:09:30 62371 kernel: possible SYN flooding on port 22. Sending cookies.
Apr  9 15:10:38 62371 kernel: possible SYN flooding on port 22. Sending cookies.

 

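nano /etc/sysctl.conf

Add the following lines to the file. They rate-limit the warning messages that the networking code writes to the kernel log and do not change how the SYN packets themselves are handled: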

net.core.message_cost = 10
net.core.message_burst = 20

Then run the following command to apply the change:

sysctl -p

Check

netstat -n -p | grep SYN_REC| awk '{print $5}'|awk -F: '{print $1}' | sort -n | uniq -c | sort -nr | head -n10

 

# netstat -n -p | grep SYN_REC| awk '{print $5}'|awk -F: '{print $1}' | sort -n | uniq -c | sort -nr | head -n10
      1 89.42.252.124
      1 36.92.95.10
      1 199.223.232.221
      1 183.91.23.83
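
As an added example (not part of the original article), the script below does the same per-source count of half-open connections, but it matches the state column exactly and strips only the trailing port, so IPv6 peers are not cut at the first colon the way `awk -F: '{print $1}'` cuts them. It also summarises the kernel messages per port. The function names, the hostname `host1` and all sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: sample data below is constructed (documentation address ranges).

# Count half-open (SYN_RECV) connections per remote address from `netstat -n` lines.
syn_recv_by_source() {
    awk '$1 ~ /^tcp/ && $6 == "SYN_RECV" {
             addr = $5
             sub(/:[0-9]+$/, "", addr)   # drop only the trailing port, so IPv6 survives
             n[addr]++
         }
         END { for (a in n) print n[a], a }' | sort -k1,1nr -k2,2
}

# Summarise the kernel "possible SYN flooding" messages per port from syslog lines.
syn_flood_log_summary() {
    awk '/possible SYN flooding on port/ {
             for (i = 1; i < NF; i++) if ($i == "port") { p = $(i + 1); break }
             sub(/\.$/, "", p)           # "22." -> "22"
             if (!(p in n)) first[p] = $3
             n[p]++; last[p] = $3
         }
         END { for (p in n) print "port=" p, "count=" n[p], "first=" first[p], "last=" last[p] }'
}

sample_netstat() {
    cat <<'EOF'
tcp        0      0 192.0.2.10:22        198.51.100.7:51514     SYN_RECV    -
tcp        0      0 192.0.2.10:22        198.51.100.7:51515     SYN_RECV    -
tcp        0      0 192.0.2.10:22        203.0.113.9:40022      ESTABLISHED 912/sshd
tcp6       0      0 2001:db8::10:22      2001:db8::bad:40100    SYN_RECV    -
EOF
}

sample_messages() {
    cat <<'EOF'
Apr  9 14:51:24 host1 auditd[5044]: Audit daemon rotating log files
Apr  9 14:53:03 host1 kernel: possible SYN flooding on port 22. Sending cookies.
Apr  9 14:56:24 host1 kernel: possible SYN flooding on port 22. Sending cookies.
Apr  9 14:57:24 host1 kernel: possible SYN flooding on port 22. Sending cookies.
EOF
}

sample_netstat | syn_recv_by_source
sample_messages | syn_flood_log_summary
# On a live host: netstat -n -p | syn_recv_by_source
#                 syn_flood_log_summary < /var/log/messages
```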

How to disable SYN cookies

sysctl -w net.ipv4.tcp_syncookies=0

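With SYN cookies disabled, the kernel no longer answers with cookies when the SYN backlog of a listening port is full; it drops the new connection requests instead.

You can disable syncookies by adding the following line to /etc/sysctl.conf:

nano /etc/sysctl.conf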

# disable TCP SYN Flood Protection
net.ipv4.tcp_syncookies=0

Also note that the new setting will take effect only after a host reboot.

See also, on TCP network stack tuning: https://galaxydata.ru/community/optimizaciya-raboty-setevogo-steka-os-lin-61
