Lots of TCP drop open request from x.x.x.x/50235 - Linux Kernel Problem? [debian 2.6.32-5-amd64]
Linux & networking forum
User Questions / 2017.05 by thereaper
Hello. I have this problem with TCP drop open requests as of the newer Linux kernel. Anyone know the cause? It is really annoying me. Drops connections to my Apache server...??
root@ns1:~# dmesg|tail -30
[1487338.988565] TCP: drop open request from 126.96.36.199/53139
[1487343.664425] TCP: drop open request from 188.8.131.52/50235
[1487343.664433] TCP: drop open request from 184.108.40.206/50238
[1487343.664438] TCP: drop open request from 220.127.116.11/50236
[1487343.664444] TCP: drop open request from 18.104.22.168/50237
[1487346.653806] TCP: drop open request from 22.214.171.124/50235
[1487346.653815] TCP: drop open request from 126.96.36.199/50238
[1487346.654101] TCP: drop open request from 188.8.131.52/50236
[1487346.654521] TCP: drop open request from 184.108.40.206/50237
[1487347.124249] TCP: drop open request from 220.127.116.11/28707
[1487347.142439] TCP: drop open request from 18.104.22.168/64327
[1487348.207219] TCP: drop open request from 22.214.171.124/32941
[1487349.834611] TCP: drop open request from 126.96.36.199/59071
[1487350.918553] TCP: drop open request from 188.8.131.52/35408
[1487351.640618] TCP: drop open request from 184.108.40.206/58499
[1487351.655374] TCP: drop open request from 220.127.116.11/58502
[1487352.654813] TCP: drop open request from 18.104.22.168/50236
[1487352.654823] TCP: drop open request from 22.214.171.124/50237
[1487354.738750] TCP: drop open request from 126.96.36.199/37023
[1487354.758041] TCP: drop open request from 188.8.131.52/17187
[1487354.797633] TCP: drop open request from 184.108.40.206/36960
[1487356.095213] TCP: drop open request from 220.127.116.11/37288
[1487356.098224] TCP: drop open request from 18.104.22.168/37093
[1487357.402441] TCP: drop open request from 22.214.171.124/36100
[1487358.402006] TCP: drop open request from 126.96.36.199/36100
[1487360.426780] TCP: drop open request from 188.8.131.52/59969
[1487368.642040] TCP: drop open request from 184.108.40.206/51771
[1487371.515211] TCP: drop open request from 220.127.116.11/8249
[1487378.147277] TCP: drop open request from 18.104.22.168/3752
[1487378.147286] TCP: drop open request from 22.214.171.124/3753
Fix for this problem...
root@ns1:~# ifconfig eth0 txqueuelen 3000
eth0 Link encap:Ethernet HWaddr 00:16:3e:0e:78:fa
inet addr:126.96.36.199 Bcast:188.8.131.52 Mask:255.255.252.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1145162334 errors:0 dropped:0 overruns:0 frame:0
TX packets:56142589 errors:0 dropped:0 overruns:0 carrier:0
RX bytes:659760515625 (614.4 GiB) TX bytes:33202331510 (30.9 GiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:721360700 errors:0 dropped:0 overruns:0 frame:0
TX packets:721360700 errors:0 dropped:0 overruns:0 carrier:0
RX bytes:58646985696 (54.6 GiB) TX bytes:58646985696 (54.6 GiB)
What is this error about? printk drop open request in dmesg?
Keep getting dropped TCP packets on my Linux server shell.
By increasing txqueue on the eth0 network interface I seemed to solve the problem temporarily.
It may be DDoS related.
Beware, people: if it is a DDoS it could be very costly to up the txqueuelen. Some people do not care if it hurts the victim of the DDoS, they just DDoS people.
Evil people are out there in many places.
Monitor your server closely for traffic fees.
Upping txqueuelen to 3000 is a safe bet for most, unless you are unlucky enough to be under DDoS.
But it can be hard to know... they DDoS on many ports today.
It can take some time finding out.
iptraf(1) is a good tool to monitor bandwidth on Linux.
I recommend Debian Linux on your server; I have been using it flawlessly since 1999.
You can also modify syslog. dmesg is rate-limited by the Linux kernel, and that is usually OK; you can disable this logging rate limit if you want, with sysctl.
This one was recommended but didn't work for me..
# sysctl -w net.core.message_cost=0
Normally never needed to print more lines in dmesg, it is ratelimited to not annoy the serveradmin/bofh.
If you've got a good solution, let me know, people. This has annoyed me for a while. Server keeps going down. Never had it before.
It is a cloud server, and I do have a suspicion their net is not very good. Never had much trouble before moving there. But I did have DDoSes laying the server down rarely before too.
Could be DDoS.
DDoSes are nasty. What people don't do for their own greed.
It is used only for own greed typically.
The planet will be better off without evil people performing DDoSes on others, just like without evil people who spam others.
No one likes a DDoSer or a spammer. So I wonder why they keep doing it.
Billions of spam are sent out each year. And they take all of our time.
I often spend as much time removing spam as replying to normal email. They can be very elaborate and convincing. But idiotic.
It is a shame we live in a greedy world at times where people don't think of their neighbor or don't want to work for their living.
So they need to steal from others - which spamming is, or defraud them again via spam.
Did the iptraf... always a good thing to do on your server after having possible ddos problems...
┌ Statistics for eth0 ─────────────────────────────────────────────────────────┐
│ Total Total Incoming Incoming Outgoing Outgoing │
│ Packets Bytes Packets Bytes Packets Bytes │
│ Total: 8703 3669141 7682 3375356 1021 293785 │
│ IP: 8703 3550389 7682 3270898 1021 279491 │
│ TCP: 3508 3226604 2984 3020291 524 206313 │
│ UDP: 5194 323681 4697 250503 497 73178 │
│ ICMP: 1 104 1 104 0 0 │
│ Other IP: 0 0 0 0 0 0 │
│ Non-IP: 0 0 0 0 0 0 │
│ Total rates: 2189.3 kbits/sec Broadcast packets: 8 │
│ 537.2 packets/sec Broadcast bytes: 504 │
│ Incoming rates: 2012.8 kbits/sec │
│ 473.2 packets/sec │
│ IP checksum errors: 0 │
│ Outgoing rates: 176.5 kbits/sec │
│ 64.0 packets/sec │
└ Elapsed time: 0:00 ────────────────────────────────────────────────────────┘
Other possible causes... if on cloud... out of memory but swapping..
root@ns1:~# free -m
total used free shared buffers cached
Mem: 493 426 67 0 24 77
-/+ buffers/cache: 323 169
Swap: 1023 672 351
You see I run out of memory... not good
But memory can be expensive. Already high price for this server.
If you've got lots of money, be sure you've got plenty of memory on the server.
So you don't run out.
Running out means server kills your processes one by one!
Better to have too much memory.
Unfortunately I couldn't afford more mem at present.
Linux is a wonderful invention, look it only uses like 30MB of memory to run the whole operating system, meaning you get lots of memory available to your server. More services for the bucks compared to Windows.
And certainly a step up in security. I could never imagine running Windows again on a server. Haven't done so in over 15 years or so. Not very often.
Debian Linux seems the ultimate Linux so far. But only in terms of security, stability. If you want ultimate freedom there is no way around Slackware, or even doing a Linux kernel with GNU base yourself. Freedom is understanding.
Debian is not fully free in some ways, but I forgot which right now; Ubuntu is much worse though. Yet I deeply appreciate both, a big step away from proprietary software which Apple and Microsoft represent.
Ubuntu often has nonfree as an option, so I would never recommend it on a server, it also autoupdates much too fast, too many releases. Dangerous on server.
Debian has the reliability safemark, their stable edition is very stable, only a new one every 3-4 years, and nothing critical ever tends to break.
Probably the most stable Linux distro out there, and it has net install. It's why I like it. Just install from the net. No need to burn at all except a minimal iso.
You always get newest packages this way. Newest stable.
Debian is optimal for servers I think, but for desktop I could still miss that Slackware, it's like sex on the brain for the geek. It's so sexy. Just like Gentoo is. You gotta try it to see. Nothing is more sexy than giving those cflags arguments to compiling and optimizing your binaries. Or compiling overnight.
You may get Firefox to launch a bit faster this way. Or even you could remove 80% of its unneeded features. In the code itself. Gentoo gives you all the code with each program. Slackware does too (tarballs).
It's very leet, beautiful, I dunno what you call it. It attracts geeks, coders; coders come running. The best coders have tried Slackware, and it is no coincidence, it may be the best development platform.
It has vi, Python, bash and more.
2017-05-10 - By Maja Ingerslev
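
Added example (not part of the original post): a small Python script that summarises the "TCP: drop open request" lines from dmesg by source, by repeated source/port pair and by 10-second window, which helps judge whether the drops come from many sources or from a few clients retrying. The sample lines are constructed, and the function names and the 10-second window are assumptions of this example.

```python
import re
import sys
from collections import Counter

# dmesg format shown in the post:
#   [1487343.664425] TCP: drop open request from <ip>/<port>
LINE_RE = re.compile(
    r"\[\s*(\d+\.\d+)\]\s+TCP: drop open request from "
    r"(\d{1,3}(?:\.\d{1,3}){3})/(\d+)")

# Constructed sample lines (documentation address ranges), not taken from the post.
SAMPLE = [
    "[100.000001] TCP: drop open request from 192.0.2.10/50235",
    "[100.000009] TCP: drop open request from 192.0.2.10/50236",
    "[103.000120] TCP: drop open request from 192.0.2.10/50235",
    "[104.500000] TCP: drop open request from 198.51.100.7/28707",
    "[109.100000] TCP: drop open request from 192.0.2.10/50235",
    "[121.000000] TCP: drop open request from 203.0.113.5/3752",
    "[121.500000] eth0: link up",
]

def summarize(lines, window=10.0):
    """Count drop messages per source, per retried flow and per time window."""
    events = []
    for line in lines:
        m = LINE_RE.search(line)
        if m:  # unrelated kernel messages are skipped
            events.append((float(m.group(1)), m.group(2), int(m.group(3))))
    by_source = Counter(ip for _, ip, _ in events)
    by_flow = Counter((ip, port) for _, ip, port in events)
    buckets = Counter(int(ts // window) for ts, _, _ in events)
    return {
        "events": len(events),
        "sources": len(by_source),
        "top_sources": by_source.most_common(3),
        # Same source and port seen again: a client retrying a dropped SYN.
        "retried_flows": sorted(f for f, n in by_flow.items() if n > 1),
        "peak_per_window": max(buckets.values(), default=0),
    }

def sysctl(name):
    """Read a sysctl value from /proc; None when it is not readable."""
    try:
        with open("/proc/sys/" + name.replace(".", "/")) as fh:
            return fh.read().strip()
    except OSError:
        return None

if __name__ == "__main__":
    # Usage: dmesg | python3 this_script.py  (uses SAMPLE when run on a terminal)
    lines = SAMPLE if sys.stdin.isatty() else sys.stdin.readlines()
    for key, value in summarize(lines).items():
        print(f"{key}: {value}")
    # Settings that govern how the kernel queues incoming SYNs on this host.
    for name in ("net.ipv4.tcp_syncookies", "net.ipv4.tcp_max_syn_backlog"):
        print(f"{name} = {sysctl(name)}")
```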