Web Hosting Talk : Web Hosting Main Forums : Hosting Security and Technology : VPS suspended - DDoS

[Markovic]

Hello,

I won't name my VPS provider here but my VPS got suspended because I was being DDoSed and they c/ped me this:

Oct 7 00:57:43 vps kernel: TCP: too many of orphaned sockets (400 in CT5500)
Oct 7 00:57:48 vps kernel: printk: 5 messages suppressed.
Oct 7 00:57:48 vps kernel: TCP: too many of orphaned sockets (400 in CT5500)
Oct 7 00:57:53 vps kernel: printk: 93 messages suppressed.
Oct 7 00:57:53 vps kernel: TCP: too many of orphaned sockets (400 in CT5500)
Oct 7 00:57:58 vps kernel: printk: 2 messages suppressed.
Oct 7 00:57:58 vps kernel: TCP: too many of orphaned sockets (400 in CT5500)
Oct 7 00:58:03 vps kernel: printk: 105 messages suppressed.
Oct 7 00:58:03 vps kernel: ip_conntrack: CT 5500: table full, dropping packet.
Oct 7 00:58:08 vps kernel: printk: 106 messages suppressed.
Oct 7 00:58:08 vps kernel: TCP: too many of orphaned sockets (400 in CT5500)
Oct 7 00:58:14 vps kernel: printk: 67 messages suppressed.
Oct 7 00:58:14 vps kernel: TCP: too many of orphaned sockets (400 in CT5500)
Oct 7 00:58:17 vps kernel: possible SYN flooding on port 80. Sending cookies.
Oct 7 00:58:19 vps kernel: printk: 90 messages suppressed.
Oct 7 00:58:19 vps kernel: TCP: too many of orphaned sockets (400 in CT5500)
Oct 7 00:58:25 vps kernel: printk: 119 messages suppressed.
Oct 7 00:58:25 vps kernel: TCP: too many of orphaned sockets (400 in CT5500)
Oct 7 00:58:28 vps kernel: printk: 120 messages suppressed.
Oct 7 00:58:28 vps kernel: TCP: too many of orphaned sockets (400 in CT5500)
Oct 7 00:58:33 vps kernel: printk: 5 messages suppressed.
Oct 7 00:58:33 vps kernel: TCP: too many of orphaned sockets (400 in CT5500)
Oct 7 00:58:38 vps kernel: printk: 83 messages suppressed.
Oct 7 00:58:38 vps kernel: ip_conntrack: CT 5500: table full, dropping packet.
Oct 7 00:58:44 vps kernel: printk: 34 messages suppressed.
Oct 7 00:58:44 vps kernel: Orphaned socket dropped (376,752 in CT5500)
Oct 7 00:58:48 vps kernel: printk: 136 messages suppressed.
Oct 7 00:58:48 vps kernel: Orphaned socket dropped (392,784 in CT5500)
Oct 7 00:58:54 vps kernel: printk: 104 messages suppressed.
Oct 7 00:58:54 vps kernel: TCP: too many of orphaned sockets (400 in CT5500)
Oct 7 00:58:58 vps kernel: printk: 15 messages suppressed.
Oct 7 00:58:58 vps kernel: Orphaned socket dropped (387,774 in CT5500)
Oct 7 00:59:04 vps kernel: printk: 111 messages suppressed.
Oct 7 00:59:04 vps kernel: Orphaned socket dropped (398,796 in CT5500)
Oct 7 00:59:09 vps kernel: printk: 71 messages suppressed.
Oct 7 00:59:09 vps kernel: Orphaned socket dropped (398,796 in CT5500)
Oct 7 00:59:13 vps kernel: printk: 28 messages suppressed.
Oct 7 00:59:13 vps kernel: Orphaned socket dropped (399,798 in CT5500)
Oct 7 00:59:18 vps kernel: printk: 71 messages suppressed.
Oct 7 00:59:18 vps kernel: TCP: too many of orphaned sockets (400 in CT5500)
Oct 7 00:59:18 vps kernel: possible SYN flooding on port 80. Sending cookies
Oct 7 00:59:23 vps kernel: printk: 183 messages suppressed.
Oct 7 00:59:23 vps kernel: Orphaned socket dropped (399,798 in CT5500)
Oct 7 00:59:28 vps kernel: printk: 347 messages suppressed.
Oct 7 00:59:28 vps kernel: Orphaned socket dropped (392,784 in CT5500)

I would like to know what EXACLY does it mean.

Thank you

[inspiron]

What kernel version do you use?

[assistanz247]

Contact your Node administrators and ask them to check the kernel versions some kernels that includes 2.6.8 is having this issues.

[assistanz247]

Ask your Node admin to get a new version of kernels like 2.6.18 for your VPS and that will solve this issues.

[eth10]

Is it not the responsibility of the admin to take care of this issue instead of suspending it ?

[khunj]

It means you are under attack. You are receiving too many packets, the kernel is dropping them because your syn backlog and connection tracking table are full.
It always happens during such an attack.