Possible SYN flooding on port 443 error in Lish console

Hello everyone, I am new to this community.

I need your help. I have a website https://addguru.in and a subdomain https://us.addguru.in pointed to the same website's public_html folder. This website has heavy traffic on a daily basis.

My VPS system settings are as given below:

vm.panic_on_oom=1
kernel.panic=10

net.ipv4.tcp_syn_retries = 3
# default=5
net.ipv4.tcp_synack_retries = 3
# default=5
net.ipv4.tcp_max_syn_backlog = 65536
# default=1024
net.core.wmem_max = 8388608
# default=124928
net.core.rmem_max = 8388608
# default=131071
net.core.somaxconn = 512
# default = 128
net.core.optmem_max = 81920
# default = 20480

But I get the error [ 396.286161] TCP: request_sock_TCP: Possible SYN flooding on in the Lish console. When I reboot the server, my website works fine for some time, but after some minutes, when traffic starts, it goes down and gives the error:

This site can’t be reached addguru.in took too long to respond.

Kindly help with this issue.

5 Replies

After doing a bit of research it looks like you're on the right track with the settings you have already. However, you may want to turn on syncookies as it can help in some situations.

net.ipv4.tcp_syncookies = 1

In addition, make sure your Linode is booting via Grub 2 with the distro-supplied kernel. That way you can make any kernel changes necessary.

We have a guide on changing your Linode's kernel settings in the Linode manager here.

Thanks for your reply.

After making changes in grub as per the article https://linode.com/docs/platform/how-to-change-your-linodes-kernel/#configure-grub, I tried the command net.ipv4.tcp_syncookies = 1 in the Lish console, but it gives the error -bash: net.ipv4.tcp_syncookies: command not found

Below are the full logs so you can check them.

[root@server ~]# mkdir /boot/grub
mkdir: cannot create directory ‘/boot/grub’: File exists
[root@server ~]# ln -s /boot/grub2/grub.cfg /boot/grub/grub.cfg
ln: failed to create symbolic link ‘/boot/grub/grub.cfg’: File exists
[root@server ~]# grub2-mkconfig -o /boot/grub/grub.cfg
Generating grub configuration file …
Found linux image: /boot/vmlinuz-3.10.0-957.1.3.el7.x86_64
Found initrd image: /boot/initramfs-3.10.0-957.1.3.el7.x86_64.img
Found linux image: /boot/vmlinuz-3.10.0-862.14.4.el7.x86_64
Found initrd image: /boot/initramfs-3.10.0-862.14.4.el7.x86_64.img
Found linux image: /boot/vmlinuz-3.10.0-862.11.6.el7.x86_64
Found initrd image: /boot/initramfs-3.10.0-862.11.6.el7.x86_64.img
Found linux image: /boot/vmlinuz-3.10.0-862.6.3.el7.x86_64
Found initrd image: /boot/initramfs-3.10.0-862.6.3.el7.x86_64.img
Found linux image: /boot/vmlinuz-3.10.0-862.3.2.el7.x86_64
Found initrd image: /boot/initramfs-3.10.0-862.3.2.el7.x86_64.img
Found linux image: /boot/vmlinuz-0-rescue-4f09fa5fdd3642fa85221d7c11370603
Found initrd image: /boot/initramfs-0-rescue-4f09fa5fdd3642fa85221d7c11370603.img
done
[root@server ~]# touch /.autorelabel
[root@server ~]# net.ipv4.tcp_syncookies = 1
-bash: net.ipv4.tcp_syncookies: command not found
[root@server ~]#

In addition, I have not rebooted the server after making changes in grub. Should I try again after a reboot?

I just want to mention that it's a good idea to back up your system before making changes to grub.

You're seeing this error because

net.ipv4.tcp_syncookies = 1

is not a command.

I would add net.ipv4.tcp_syncookies = 1 to your /etc/sysctl.conf file.

Save and close the file and then use the following command

sysctl -p

You can check that your changes have gone through by running the following command

sysctl -n net.ipv4.tcp_syncookies

You should see a 1 if this worked.

Thanks for the information.
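
An added example, not part of the original thread: after setting tcp_syncookies, the TcpExt counters in /proc/net/netstat show whether the kernel is still dropping SYNs, answering them with cookies, or whether the accept queue (bounded by net.core.somaxconn) is the part that overflows. The script name syncheck.sh and the function names are assumptions made for this example; the counter names are the ones the Linux kernel exposes.

```shell
#!/bin/sh
# Added example: classify "Possible SYN flooding" events from TcpExt counters.
# Function names are hypothetical; counter names come from /proc/net/netstat.

# tcpext_counter FILE NAME -> prints the value of counter NAME (empty if absent).
# The file holds a "TcpExt:" header line of names followed by a line of values.
tcpext_counter() {
    awk -v want="$2" '
        $1 == "TcpExt:" && !hdr { for (i = 2; i <= NF; i++) col[$i] = i; hdr = 1; next }
        $1 == "TcpExt:"         { if (want in col) print $(col[want]); exit }
    ' "$1"
}

# tcpext_delta BEFORE AFTER NAME -> growth of a counter between two snapshots.
# Counters are cumulative since boot, so only the difference describes "now".
tcpext_delta() {
    b=$(tcpext_counter "$1" "$3"); a=$(tcpext_counter "$2" "$3")
    echo $(( ${a:-0} - ${b:-0} ))
}

# syn_verdict BEFORE AFTER -> one word describing what happened in the interval.
syn_verdict() {
    if [ "$(tcpext_delta "$1" "$2" TCPReqQFullDrop)" -gt 0 ]; then
        echo dropping        # SYN queue full, tcp_syncookies=0: new clients time out
    elif [ "$(tcpext_delta "$1" "$2" TCPReqQFullDoCookies)" -gt 0 ]; then
        echo cookies         # SYN queue full, tcp_syncookies=1: handshakes still complete
    elif [ "$(tcpext_delta "$1" "$2" ListenOverflows)" -gt 0 ]; then
        echo accept-overflow # accept queue full: check somaxconn and the server's backlog
    else
        echo ok
    fi
}

# Live use: ./syncheck.sh --live [seconds]
if [ "${1:-}" = "--live" ]; then
    t=$(mktemp -d) && cp /proc/net/netstat "$t/before"
    sleep "${2:-10}"; cp /proc/net/netstat "$t/after"
    syn_verdict "$t/before" "$t/after"; rm -rf "$t"
fi
```

A verdict of dropping while sysctl -n net.ipv4.tcp_syncookies prints 0 is the case the syncookies setting addresses; accept-overflow points at the web server not accepting connections fast enough rather than at the SYN queue.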
