Thread: ip_conntrack issue!!!
-
05-15-2009, 10:24 AM #1 Web Hosting Guru
- Join Date
- Mar 2008
- Posts
- 263
ip_conntrack issue!!!
Please see the following picture; it's what I see on my server, and the server is down!
It's a HyperVM main node server.
Please help me resolve this issue.
Need More Power?! PersianWhois.Com
-
05-15-2009, 07:39 PM #2 Junior Guru Wannabe
- Join Date
- Apr 2009
- Location
- North America
- Posts
- 49
echo 0 > /proc/sys/net/netfilter/nf_conntrack_acct
Try out my opensource software DDoS Mitigation system at http://daedalous.net/
-
05-16-2009, 02:24 AM #3 Web Hosting Guru
- Join Date
- Mar 2008
- Posts
- 263
Thank you very much.
Problem resolved, but the server's request response time is very, very low!
-
05-16-2009, 02:26 AM #4 Junior Guru Wannabe
- Join Date
- May 2008
- Location
- Houston
- Posts
- 44
You are probably being attacked. I'd recommend contacting someone who knows how to mitigate it, or ask your datacenter and see if they have DDoS protection.
-
05-16-2009, 02:32 AM #5 Web Hosting Guru
- Join Date
- Mar 2008
- Posts
- 263
How can I block port 80 forever?
The main node does not need this port.
-
05-16-2009, 02:33 AM #6 Junior Guru Wannabe
- Join Date
- May 2008
- Location
- Houston
- Posts
- 44
iptables -I INPUT -p tcp --dport 80 -j REJECT
-
05-16-2009, 02:57 AM #7 Temporarily Suspended
- Join Date
- Apr 2009
- Location
- localhost
- Posts
- 175
https://fedorahosted.org/func/wiki/IPtablesModule
must be useful
-
05-16-2009, 07:06 PM #8 Junior Guru Wannabe
- Join Date
- Apr 2009
- Location
- North America
- Posts
- 49
'iptables -I INPUT -p tcp --dport 80 -j DROP' is better than using REJECT in this case. DROP will just drop the packet on the floor, whereas REJECT will respond with an ICMP packet for the rejection, which costs more resources. If you are being attacked, don't use REJECT as an IPTables target. My 2 cents...
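An added example, not part of any post in this thread: a shell helper that audits `iptables -S` output for INPUT rules that still use REJECT, the target post #8 advises against under attack, and prints the DROP form of each. The sample ruleset and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: find INPUT rules that answer with REJECT and show the
# DROP form. Each REJECT makes the host emit a reply packet (ICMP
# port-unreachable by default); DROP sends nothing back.

# Constructed sample of `iptables -S` output (not from the thread's server).
sample_rules() {
cat <<'EOF'
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8080 -j DROP
-A FORWARD -p tcp -m tcp --dport 80 -j REJECT --reject-with icmp-port-unreachable
EOF
}

# Read rules on stdin; for every INPUT rule whose target is REJECT, print
# the same match with the target changed to DROP (--reject-with removed).
suggest_drop() {
    awk '$1 == "-A" && $2 == "INPUT" {
        for (i = 3; i <= NF; i++) {
            if ($i == "-j" && $(i + 1) == "REJECT") {
                out = ""
                for (k = 1; k <= i; k++) out = out $k " "
                print out "DROP"
            }
        }
    }'
}

# Count the INPUT rules that still use REJECT.
count_reject() {
    suggest_drop | wc -l | tr -d ' '
}

# Demo on the constructed sample. On a real host (as root), pipe the live
# ruleset instead:  iptables -S | suggest_drop
sample_rules | suggest_drop
```

The printed line is the replacement rule; the original REJECT rule has to be deleted for the change to take effect, since iptables stops at the first matching rule.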