Support

seyit · #1 12-27-2011, 12:51 AM

Hi,

i just try to know how is going litespeed while on ddos attack..
i set up ubuntu with kernel 3.0 also i configuration ddos params on litespeed
i just tring http flood it goes fine.. But i got 1 problem..

while i try Syn fooding.. server is stuck..
backlog queue is full and 3way handshake is filled up..

here u see what happens.
root@litespeed:/etc# netstat -n -p TCP |grep SYN_RECV | wc -l
256

question is how can i increase backlog queue? . Because on linux its only 256 connection on default.. i want to increase this anyone know how it be ? or any configuration that i miss on litespeed ?

Thanks.

mistwang · #2 12-27-2011, 11:07 AM

You should increase /proc/sys/net/core/somaxconn, and /proc/sys/net/ipv4/tcp_max_syn_backlog

seyit · #3 12-27-2011, 11:31 PM

there is nothing changes.. i tried it. also i tried other things..

Here you see when in underattack

root@litespeed:~# cat /proc/sys/net/core/somaxconn
512
root@litespeed:~# cat /proc/sys/net/ipv4/tcp_max_syn_backlog
100000
root@litespeed:~# netstat -n -p TCP | grep SYN_RECV |wc -l
256
root@litespeed:~#

Server is still stuck i didnt increase backlog queue with those params..

What can i do more ?

seyit · #4 12-27-2011, 11:33 PM

Quote:

Originally Posted by mistwang

You should increase /proc/sys/net/core/somaxconn, and /proc/sys/net/ipv4/tcp_max_syn_backlog

any configuration do i need to change in litespeed..
i m testing litespeen on ubuntu with kernel 3.0

mistwang · #5 12-28-2011, 12:35 PM

you should enable tcp_syncookies in order for making tcp_max_syn_backlog effective.
It should not be set too high.

seyit · #6 12-29-2011, 12:56 AM

i also change all those things.. because still i it cant be increased..

net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_synack_retries = 2
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.all.log_martians = 1
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.default.secure_redirects = 0
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv6.conf.default.router_solicitations = 0
net.ipv6.conf.default.accept_ra_rtr_pref = 0
net.ipv6.conf.default.accept_ra_pinfo = 0
net.ipv6.conf.default.accept_ra_defrtr = 0
net.ipv6.conf.default.autoconf = 0
net.ipv6.conf.default.dad_transmits = 0
net.ipv6.conf.default.max_addresses = 1
net.core.optmem_max = 40960
kernel.exec-shield = 1
kernel.randomize_va_space = 1
net.ipv4.tcp_rmem = 4096 87380 8388608
net.ipv4.tcp_wmem = 4096 87380 8388608
net.core.rmem_max = 8388608
net.core.wmem_max = 8388608
net.core.netdev_max_backlog = 5000
net.ipv4.tcp_window_scaling = 1
fs.file-max = 65535
kernel.pid_max = 65536
net.ipv4.ip_local_port_range = 2000 65000

Still 256 connection.. how can i increase this backlog queue ?
i tried in ubuntu kernel 3.0 and centos 2.6 still same problem.. i cant increase backlog queue..

webizen · #7 12-29-2011, 12:18 PM

pls paste the result of following.

Quote:

sysctl -a | grep tcp_max_syn_backlog

seyit · #8 01-03-2012, 06:17 AM

error: permission denied on key 'vm.compact_memory'
error: permission denied on key 'net.ipv4.route.flush'
net.ipv4.tcp_max_syn_backlog = 2048
error: permission denied on key 'net.ipv6.route.flush'