We installed 2 production servers and suddenly we started getting
strange connection problems, with no errors in the application or system
logs. The problems were highly intermittent, but amounted to being
unable to connect to a port our TCP server was receiving client internet
connections on.

After 3 days of debugging (netfilter, the server application, writing
custom bash/awk programs to poll and graph netstat, doing tcpdumps) the
problem was traced to random SYN attacks.

It turns out that net.ipv4.tcp_syncookies=1 is commented out in the
*server* edition of Ubuntu 8.04!

After all this wasted time (and upset users), my only reaction is
"WTF...?" We have many SuSE production servers, starting from 9.0 and
they all came with syn cookies enabled. Messages like

possible SYN flooding on port 80. Sending cookies.

are *very* common in /var/log/messages, anybody who has run a heavily
loaded server with many connections has seen tons of them.

A developer above seems to answer that "use of this option causes the
system to violate the TCP standard". I guess SuSE developers understood
better that a server-intended Linux distribution is not a computer
science exercise, but an operating system that is *actually used* for
production servers.

-- 
proc/sys/net/ipv4/tcp_syncookies=1 should be seriously considered to permit SYN 
flood defense...
https://bugs.launchpad.net/bugs/57091
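As an added example (not part of the bug report or of Ubuntu's own tooling), here is a small defender-side check for the condition described in the report: it reads the tcp_syncookies sysctl from a file path (defaulting to the real /proc entry) and counts the kernel's "possible SYN flooding" notices in syslog text read from stdin. The host name, timestamps and log lines in SAMPLE_LOG are constructed for illustration.

```shell
#!/bin/sh
# Added example: check whether SYN cookies are enabled and summarise the
# kernel's SYN-flood notices. The sample log below is constructed.

SYSCTL_PATH_DEFAULT=/proc/sys/net/ipv4/tcp_syncookies

# Succeeds (exit 0) when the sysctl file holds "1", fails otherwise.
# Pass a file path to test against something other than the live /proc entry.
syncookies_enabled() {
    [ "$(tr -d '[:space:]' < "${1:-$SYSCTL_PATH_DEFAULT}")" = "1" ]
}

# Counts SYN-flood notices in the log text on stdin. The pattern covers the
# "Sending cookies." form (cookies on) as well as "Dropping request.".
count_syn_flood_notices() {
    grep -c 'possible SYN flooding on port' || :
}

# Lists the flooded ports from stdin, most-hit first, as "<count> <port>".
syn_flood_ports() {
    sed -n 's/.*possible SYN flooding on port \([0-9][0-9]*\)\..*/\1/p' \
        | sort | uniq -c | sort -rn | awk '{print $1, $2}'
}

# Constructed sample of what /var/log/messages looks like once cookies are on.
SAMPLE_LOG='Jan 10 03:12:01 web1 kernel: possible SYN flooding on port 80. Sending cookies.
Jan 10 03:12:07 web1 kernel: possible SYN flooding on port 80. Sending cookies.
Jan 10 03:13:45 web1 kernel: possible SYN flooding on port 443. Sending cookies.
Jan 10 03:14:00 web1 sshd[1234]: Accepted publickey for admin from 10.0.0.5'

# Prints the sysctl state, the remediation line if it is off, and the
# per-port notice counts from the sample log.
report() {
    if syncookies_enabled "$1"; then
        echo "tcp_syncookies=1: SYN floods will be answered with cookies"
    else
        echo "tcp_syncookies=0: add 'net.ipv4.tcp_syncookies = 1' to /etc/sysctl.conf"
    fi
    echo "SYN flood notices: $(printf '%s\n' "$SAMPLE_LOG" | count_syn_flood_notices)"
    printf '%s\n' "$SAMPLE_LOG" | syn_flood_ports
}

# Run as a script: report on the live sysctl, or on a file given as $1.
if [ -r "${1:-$SYSCTL_PATH_DEFAULT}" ]; then report "$1"; fi
```

On a real host, feed it the actual log with `grep kernel /var/log/messages | syn_flood_ports`; a run that reports tcp_syncookies=0 together with zero notices is exactly the silent failure mode the report describes, since the kernel logs nothing when it drops the requests instead of sending cookies.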