• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar

The Geek Diary

CONCEPTS | BASICS | HOWTO

  • OS
    • Linux
    • CentOS/RHEL
    • Solaris
    • Oracle Linux
    • Linux Services
    • VCS
  • Database
    • oracle
    • oracle 12c
    • ASM
    • mysql
    • MariaDB
    • Data Guard
  • DevOps
    • Docker
    • Shell Scripting
  • Interview Questions
  • Big Data
    • Hadoop
    • Cloudera
    • Hortonworks HDP

Kernel Logs Warning Messages “kernel: Possible SYN flooding on port X. Sending cookies” is logged”

By admin

The Problem

Sometimes Linux kernel logs warning messages as followings:

Mar  7 09:17:14 hostname kernel: TCP: Possible SYN flooding on port 26450. Sending cookies.

or

Mar  7 09:17:14 hostname kernel: TCP: Possible SYN flooding on port 26450. Dropping request.

The Solution

This is a warning message, which indicates that the server is frequently attempted to connect to the specific port, and the kernel warns that this might possibly be an SYN flood attack(=DoS(Denial of Service) attack).

When this message is logged, the kernel returns a syn cookie to the client or just drops the packet for self-guard, which is controlled by /proc/sys/net/ipv4/tcp_syncookies.

Please check the port and network traffic whether it is certainly DoS attack. If no attack is confirmed, this message can be ignored. The frequency of logging the message can be controled by 2 kernel parameters below:

/proc/sys/net/core/message_cost(def=5)
/proc/sys/net/core/message_burst(def=10)

“message_cost” is “the interval(jiffies) how long the kernel decides it might be SYN flood attack”.

“message_burst” is “how frequently the message logs during message_cost”. Reducing the number can reduce the frequency of logging the message.

These can be set by sysctl even on the running production system. For example, adding lines in /etc/sysctl.conf as:

# vi /etc/sysctl.conf
net.core.message_cost = 10
net.core.message_burst = 20

and run the following command after that:

# sysctl -p

This does not affect any system availability.

Filed Under: CentOS/RHEL 6, CentOS/RHEL 7, Linux

Some more articles you might also be interested in …

  1. Beginners Guide to NFS in CentOS / RHEL
  2. How to (Correctly) Change the UID and GID of a user/group in Linux
  3. Linux / UNIX : How to send mails with attachments using mailx command
  4. How to Verify a Lun is in Active/Optimized Mode when ALUA Is Configured on Storage
  5. CentOS / RHEL : How to migrate storage (LVM) with pvmove Command
  6. Using vmstat to troubleshoot performance issues in Linux
  7. How to Calculate Memory Usage in Linux using sar, ps, and free
  8. How to effectively use Man Pages under Linux
  9. How to Reserve a Port Range for a Third Party Application in CentOS/RHEL
  10. How To Force User/Group Ownership Of Files On A Samba Share

You May Also Like

Primary Sidebar

Recent Posts

  • Oracle Database – Configuring Secure Application Roles
  • Extend rule sets by using factors in Oracle Database Vault
  • What are Command Rules in oracle Database
  • Using Rule Sets in Oracle Database Vault
  • Archives
  • Contact Us
  • Copyright

© 2021 · The Geek Diary