Results 1 to 7 of 7
  1. #1

    Does keepalive off help in syn flood?

    Does keepalive off help in syn flood?

  2. #2
    Join Date
    Mar 2006
    Posts
    241
    Yes it will helo to reduce the load on server.
    When you've got KeepAlive set to "On" make sure that you reduce KeepAliveTimeout. Appropriate values for that one would be 1-2 seconds.

    You can try this configuration to reduce the load.

    Timeout 12
    KeepAlive Off
    MaxKeepAliveRequests 250
    KeepAliveTimeout 10
    MinSpareServers 20
    MaxSpareServers 35
    StartServers 10
    MaxClients 250
    MaxRequestsPerChild 10000
    LiquidSupport - A subsidiary of I-Fort Technologies (Pvt.) Ltd
    Server Administration | Technical Support | Web Development

  3. #3
    but,if u site haveing full of images better u can on the keepalive and reduce the keepalivetimeout to lower numbers

  4. #4
    Join Date
    Jun 2004
    Location
    Oregon
    Posts
    1,282
    it won't help much, very small syn flood can kill apache if you don't have it filter out before it reaches.

  5. #5
    I have images on lighttpd which doesn't get attacked (yet).

    I tried using deflate DDoS but it runs every 1 minute and basically the server will crash during that 1 minute and never recover from there.

  6. #6
    Join Date
    Oct 2007
    Posts
    1,902
    Hi,

    Run the following command in the server and if there are too many time_wait connections, I think it is better to turn on keepalive in the apache conf.

    netstat -an|awk '/tcp/ {print $6}'|sort|uniq -c

    Restart apache and monitor the server for some time.

    Let us know how it goes.
    ServerPoint.com - a true hosting company offering online presence solutions since 1998.
    >>Web Hosting, colocation, dedicated servers and virtual private dedicated servers.
    >>>>Wholly owned multi homed network, servers and facilities.

  7. #7
    Don't know what's happening:

    63 CLOSE_WAIT
    139 ESTABLISHED
    27 FIN_WAIT1
    139 FIN_WAIT2
    83 LAST_ACK
    8 LISTEN
    39 SYN_RECV
    1443 TIME_WAIT


    Out of no where:

    there is like 100's of WWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWW in the
    server-status section


    Not sure what's happening but this is the stats after the DC stopped the httpd process. But load was 500 just before this.



    I just changed the IP and get:
    [[email protected] conf]# netstat -an|awk '/tcp/ {print $6}'|sort|uniq -c
    9 CLOSE_WAIT
    2 CLOSING
    410 ESTABLISHED
    43 FIN_WAIT1
    167 FIN_WAIT2
    21 LAST_ACK
    7 LISTEN
    75 SYN_RECV
    3888 TIME_WAIT


    I noticed I don't get 100s of requests to the IP address via apache on server-status now.

    I am so clueless. Deflate DDOS did nothing. Should I do mod evasive?

    DC's solution is to use Squid or get a new box to split the load.
    Last edited by Gigaron; 05-29-2008 at 12:35 PM.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •