On Wed, Nov 15, 2000 at 03:46:03PM -0500, safemode wrote:
> I was DDoS'd today while away and came home to find the firewall unable to
> do anything network related (although my connection to irc was still
> working oddly). a quick dmesg showed the problem.
> ip_conntrack: maximum limit of 2048 entries exceeded
[...]
I have also seen this happen on a box which ran test9. Apparently because of
it's long uptime, because the logs should no signs of an attack.
I guess conntrack forgets to flush some entries? Or maybe there is no way it can
recover from a full conntrack table? Is it maybe necessary to make the maximum
size a configurable option? Or a userspace conntrack daemon like the arpd?
I also see a lot of messages like this (on all 2.4 test kernels):
NAT: 0 dropping untracked packet c00643f0 1 131.211.122.89 -> 224.0.0.2
NAT: 0 dropping untracked packet c05468e0 1 131.211.122.89 -> 224.0.0.2
NAT: 0 dropping untracked packet c0064760 1 131.211.122.31 -> 224.0.0.2
Turning of multicast on the respective network interface does not stop these
messages, but anyway they seem rather annoying to me :)
-------------------------------------------
Met vriendelijke groet / with kind regards,
Guus Sliepen <[EMAIL PROTECTED]>
-------------------------------------------
See also: http://tinc.nl.linux.org/
http://www.kernelbench.org/
-------------------------------------------
PGP signature
