Occasionally I'm seeing "possible SYN flooding on port xxx" when there no real attack going on. What I'd like to do is some Linux tuning to increase the capacity so that it can handle more TCP activity. These's so many settings that my head is swimming.
I'm also running OpenVZ virtualization in case that makes a difference.
Thanks in advance.
This is just a warning message, the kernel should start sending SYN cookies, if they are enabled.
As long as you don't see some "dropping xx packets" messages you are fine.
Look at your SYN backlog and increase it if it is too low:
# cat /proc/sys/net/ipv4/tcp_max_syn_backlog
Usually the value is 1024, you can double or triple it.
You can do that only from the HN, not from a container.
★ NinjaFirewall : Web Application Firewall for PHP and WordPress.
★ NinjaMonitoring : Monitor your website for suspicious activities.