Results 1 to 8 of 8
  1. #1
    Join Date
    Mar 2008
    Posts
    263

    ip_conntrack issue!!!

    Please see following picture, its see on my server and server is down!
    Its a hypervm main node server.
    Help me to resolve this issue please.
    Attached Thumbnails Attached Thumbnails firewall.GIF  
    Need More Power?!
    PersianWhois.Com

  2. #2
    Join Date
    Apr 2009
    Location
    North America
    Posts
    49
    echo 0 > /proc/sys/net/netfilter/nf_conntrack_acct
    Try out my opensource software DDoS Mitigation system at http://daedalous.net/

  3. #3
    Join Date
    Mar 2008
    Posts
    263
    Thank you very much.
    Problem resolved, but server request response time is very very low!
    Need More Power?!
    PersianWhois.Com

  4. #4
    Join Date
    May 2008
    Location
    Houston
    Posts
    44
    You are probably being attacked. I'd recommend contacting someone who knows how to mitigate it, or ask your datacenter and see if they have DDOS Protection

  5. #5
    Join Date
    Mar 2008
    Posts
    263
    How can block port 80 for ever?
    Because main node not need to this port.
    Need More Power?!
    PersianWhois.Com

  6. #6
    Join Date
    May 2008
    Location
    Houston
    Posts
    44
    iptables -I INPUT -p tcp --dport 80 -j REJECT

  7. #7
    Join Date
    Apr 2009
    Location
    localhost
    Posts
    175

  8. #8
    Join Date
    Apr 2009
    Location
    North America
    Posts
    49
    Quote Originally Posted by txspaderz View Post
    iptables -I INPUT -p tcp --dport 80 -j REJECT
    'iptables -I INPUT -p tcp --dport 80 -j DROP' is better than using REJECT in this case. DROP will just drop the packet on the floor, where as REJECT will respond with an ICMP packet for the rejection, which costs more resources. If you are being attacked, dont use REJECT as an IPTables target. my 2 cents...
    Try out my opensource software DDoS Mitigation system at http://daedalous.net/

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •