> Debian - Jesus Is Precious's blog
Lots of Tcp drop Open request from x.x.x.x/50235 - Linux Kernel Problem? [debian 2.6.32-5-amd64]
2017-05-10
Linux & networking forum


User Questions / 2017.05 by thereaper

Hello. I have this problem with TCP drop open requests as of the newer Linux kernel. Anyone know the cause? It is really annoying me. Drops connections to my Apache server...??



root@ns1:~# dmesg|tail -30
[1487338.988565] TCP: drop open request from 188.165.166.28/53139
[1487343.664425] TCP: drop open request from 89.207.31.250/50235
[1487343.664433] TCP: drop open request from 89.207.31.250/50238
[1487343.664438] TCP: drop open request from 89.207.31.250/50236
[1487343.664444] TCP: drop open request from 89.207.31.250/50237
[1487346.653806] TCP: drop open request from 89.207.31.250/50235
[1487346.653815] TCP: drop open request from 89.207.31.250/50238
[1487346.654101] TCP: drop open request from 89.207.31.250/50236
[1487346.654521] TCP: drop open request from 89.207.31.250/50237
[1487347.124249] TCP: drop open request from 188.165.166.28/28707
[1487347.142439] TCP: drop open request from 84.238.103.177/64327
[1487348.207219] TCP: drop open request from 188.165.166.28/32941
[1487349.834611] TCP: drop open request from 188.165.166.28/59071
[1487350.918553] TCP: drop open request from 188.165.166.28/35408
[1487351.640618] TCP: drop open request from 171.161.48.16/58499
[1487351.655374] TCP: drop open request from 171.161.48.16/58502
[1487352.654813] TCP: drop open request from 89.207.31.250/50236
[1487352.654823] TCP: drop open request from 89.207.31.250/50237
[1487354.738750] TCP: drop open request from 68.33.95.25/37023
[1487354.758041] TCP: drop open request from 188.165.166.28/17187
[1487354.797633] TCP: drop open request from 68.33.95.25/36960
[1487356.095213] TCP: drop open request from 68.33.95.25/37288
[1487356.098224] TCP: drop open request from 68.33.95.25/37093
[1487357.402441] TCP: drop open request from 216.244.66.248/36100
[1487358.402006] TCP: drop open request from 216.244.66.248/36100
[1487360.426780] TCP: drop open request from 188.165.166.28/59969
[1487368.642040] TCP: drop open request from 88.203.8.136/51771
[1487371.515211] TCP: drop open request from 188.165.166.28/8249
[1487378.147277] TCP: drop open request from 192.38.136.215/3752
[1487378.147286] TCP: drop open request from 192.38.136.215/3753


Fix for this problem...
root@ns1:~# ifconfig eth0 txqueuelen 3000
root@ns1:~#

root@ns1:~# ifconfig
eth0     Link encap:Ethernet HWaddr 00:16:3e:0e:78:fa
         inet addr:71.16.16.112 Bcast:77.66.47.255 Mask:255.255.252.0
         UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
         RX packets:1145162334 errors:0 dropped:0 overruns:0 frame:0
         TX packets:56142589 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:3000
         RX bytes:659760515625 (614.4 GiB) TX bytes:33202331510 (30.9 GiB)

lo        Link encap:Local Loopback
         inet addr:127.0.0.1 Mask:255.0.0.0
         UP LOOPBACK RUNNING MTU:16436 Metric:1
         RX packets:721360700 errors:0 dropped:0 overruns:0 frame:0
         TX packets:721360700 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:0
         RX bytes:58646985696 (54.6 GiB) TX bytes:58646985696 (54.6 GiB)



What is this error about? printk drop open request in dmesg?

Keep getting dropped tcp packets on my linux server shell.


By increasing txqueuelen on the eth0 network interface I seemed to solve the problem temporarily.

It may be DDoS related.


Beware people, if it is a DDoS it could be very costly to up the txqueuelen. Some people do not care if it hurts the victim of the DDoS, they just DDoS people.

evil people are out there in many places


monitor your server closely for traffic fees


Upping txqueue len to 3000 is a safe bet for most, unless you are unlucky to be under ddos

But it can be hard to know.... they ddos on many ports today


Can take some time finding out

Iptraf(1) is a good tool to monitor bandwidth on linux
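
An added example, not part of the original post: a shell function that tallies the "TCP: drop open request" lines per source address, to help tell one retrying client from many distinct sources. The sample log lines use constructed documentation addresses; a drop count higher than the distinct-port count means the same connection attempt was retried.

```shell
#!/bin/sh
# Added example (not from the original post): summarize the kernel's
# "TCP: drop open request" messages per source address.

# Reads kernel log text on stdin. Prints "drops address distinct_ports" per
# source, most drops first, then one summary line.
summarize_drops() {
    awk '
    /TCP: drop open request from / {
        ts = $0; sub(/^\[ */, "", ts); sub(/\].*/, "", ts)  # uptime seconds
        split($NF, src, "/")                                # address/port
        ip = src[1]; port = src[2]
        if (!(ip in drops)) nsrc++
        drops[ip]++
        # Count each address/port pair once; repeats are retried SYNs.
        if (!((ip, port) in seen)) { seen[ip, port] = 1; ports[ip]++ }
        if (n == 0 || ts + 0 < first) first = ts + 0
        if (ts + 0 > last) last = ts + 0
        n++
    }
    END {
        cmd = "LC_ALL=C sort -k1,1nr -k2,2"
        for (ip in drops) printf "%d %s %d\n", drops[ip], ip, ports[ip] | cmd
        close(cmd)
        printf "total=%d sources=%d span=%.1fs\n", n, nsrc, last - first
    }'
}

# Constructed sample input (documentation addresses, not real hosts).
sample_dmesg() {
    cat <<'EOF'
[  100.000000] TCP: drop open request from 192.0.2.10/50235
[  100.000010] TCP: drop open request from 192.0.2.10/50236
[  103.000000] TCP: drop open request from 192.0.2.10/50235
[  103.500000] TCP: drop open request from 198.51.100.7/28707
[  104.250000] eth0: link up
[  106.000000] TCP: drop open request from 203.0.113.99/64327
[  110.500000] TCP: drop open request from 198.51.100.7/32941
EOF
}

sample_dmesg | summarize_drops
```

On a live system, run it as: dmesg | summarize_drops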


I recommend debian linux on your server, been using it flawlessly since 1999.



Alternate solution
You can also change the logging instead. dmesg output is rate-limited by the Linux kernel, and that is usually OK, but you can disable this logging rate limit with sysctl if you want. This changes only what is logged.

This one was recommended but didn't work for me..

# sysctl -w net.core.message_cost=0


Normally you never need to print more lines in dmesg; it is rate-limited so as not to annoy the server admin/BOFH.






If you got a good solution let me know people. This has annoyed me for a while. Server keeps going down. Never had it before.

It is a cloud server, and I do have suspicion their net is not very good. Never had trouble before moving there much. But I did have ddosses laying the server down rarely before too.

Could be ddos.

Ddoses are nasty. What people don't do for own greed.

It is used only for own greed typically.

The planet will be better off without evil people performing ddoses on others, just like without evil people who spam others.

No one likes a ddosser or a spammer. So I wonder why they keep doing it.

Billions of spam are sent out each year. And they take all of our time.

I spend as much time removing spam often, as replying to normal email. They can be very elaborate and convincing. But idiotic.


It is a shame we live in a greedy world at times where people don't think of their neighbor or don't want to work for their living.

So they need to steal from others - which spamming is, or fraud them again via spam.



Did the iptraf... always a good thing to do on your server after having possible ddos problems...


IPTraf
┌ Statistics for eth0 ─────────────────────────────────────────────────────────┐
│                                                                             │
│             Total     Total    Incoming Incoming    Outgoing Outgoing │
│             Packets     Bytes     Packets     Bytes     Packets     Bytes │
│ Total:         8703    3669141        7682    3375356        1021     293785 │
│ IP:            8703    3550389        7682    3270898        1021     279491 │
│ TCP:         3508    3226604        2984    3020291         524     206313 │
│ UDP:         5194     323681        4697     250503         497     73178 │
│ ICMP:             1        104         1        104         0         0 │
│ Other IP:         0         0         0         0         0         0 │
│ Non-IP:         0         0         0         0         0         0 │
│                                                                             │
│                                                                             │
│ Total rates:     2189.3 kbits/sec        Broadcast packets:            8 │
│                     537.2 packets/sec     Broadcast bytes:            504 │
│                                                                             │
│ Incoming rates:    2012.8 kbits/sec                                         │
│                     473.2 packets/sec                                        │
│                                            IP checksum errors:         0 │
│ Outgoing rates:     176.5 kbits/sec                                         │
│                     64.0 packets/sec                                        │
└ Elapsed time: 0:00 ────────────────────────────────────────────────────────┘
X-exit



Other possible causes... if on cloud... out of memory but swapping..



root@ns1:~# free -m
             total     used     free     shared    buffers     cached
Mem:         493        426         67         0         24         77
-/+ buffers/cache:        323        169
Swap:         1023        672        351


You see I run out of memory... not good
But memory can be expensive. Already high price for this server.


If you got lots of money, be sure you got plenty memory on server.

So you don't run out.


Running out means server kills your processes one by one!
Not good.


Better to have too much memory.

Unfortunately I couldn't afford more mem at present.


Linux is a wonderful invention, look it only uses like 30MB of memory to run the whole operating system, meaning you get lots of memory available to your server. More services for the bucks compared to windows.

And certainly a step up in security. I could never imagine running windows again on a server. Haven't done so in over 15 years or so. Not very often.

Debian linux seems the ultimate linux so far. But only in terms of security, stability. If you want ultimate freedom there is no way around slackware, or even doing a linux kernel with gnu base yourself. Freedom is understanding.


Debian is not fully free in some ways, but I forgot which right now, Ubuntu is much worse though. Yet I deeply appreciate both, a big step away from proprietary software which Apple and Microsoft represent.

Ubuntu often has nonfree as an option, so I would never recommend it on a server, it also autoupdates much too fast, too many releases. Dangerous on server.

Debian has the reliability safemark, their stable edition is very stable, only a new one every 3-4 years, and nothing critical ever tends to break.

Probably the most stable Linux distro out there, and it has net install. It's why I like it. Just install from the net. No need to burn at all except a minimal iso.


You always get newest packages this way. Newest stable.

Debian is optimal for servers I think, but for desktop I could still miss that slackware, it's like sex on the brain for the geek. It's so sexy. Just like gentoo is. You gotta try it to see. Nothing is more sexy than giving those cflags arguments to compiling and optimizing your binaries. Or compiling overnight.

You may get firefox to launch a bit faster this way. Or even you could remove 80% of its unneeded features. In the code itself. Gentoo gives you all the code with each program. Slackware does too (tarballs).

It's very leet, beautiful, I dunno what you call it. It attracts geeks, coders, coders come running. The best coders have tried Slackware, and it is no coincidence, it may be best development platform.

It has vi, python, bash and more.



Uh huh

Yeah



2017-05-10 - By Jesus Is Precious
 
 