I was DDoS'd today while away and came home to find the firewall unable to
do anything network related (although my connection to irc was still
working oddly). a quick dmesg showed the problem.
ip_conntrack: maximum limit of 2048 entries exceeded
NET: 1 messages suppressed.
ip_conntrack: maximum limit of 2048 entries exceeded
NET: 3 messages suppressed.
ip_conntrack: maximum limit of 2048 entries exceeded
NAT: 0 dropping untracked packet c1e69980 6 192.168.1.2 -> 206.251.7.30
ip_conntrack: maximum limit of 2048 entries exceeded
NAT: 0 dropping untracked packet c1e69b60 6 192.168.1.2 -> 206.251.7.30
ip_conntrack: maximum limit of 2048 entries exceeded
That is a very small snippet of dmesg. It seems that ip_conntrack did not
flush or reset after the attack, even though everything was fine when i got
home. Keep in mind, this was a somewhat massive attack on my network here
but is only connected via a DSL line, it seems the attackers sent hundreds
or thousands of very small packets resulting in 21000 connection attempts
in a short amount of time. Is this a bug with ip_conntrack? this is
kernel version 2.4.0-test5, it's been up for 74 days. I had to reload
ip_conntrack to flush it and everything worked fine after that. Thanks
for any info.
ps. If this is a previously discovered bug, is it fixed in the latest
kernels?
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
Please read the FAQ at http://www.tux.org/lkml/
