============================
Репозитории
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=0
enabled=1
wget -q -O — http://www.atomicorp.com/installers/atomic | sh
http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm
wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
rpm -ivh http://rpms.famillecollet.com/enterprise/remi-release-6.rpm
=========================================
nf_conntrack: table full, dropping packet.
# dmesg
nf_conntrack: table full, dropping packet.
nf_conntrack: table full, dropping packet.
nf_conntrack: table full, dropping packet.
You can check how many sessions are opend from /proc/net/nf_conntrack.
# head -1 /proc/net/nf_conntrack
ipv4 2 udp 17 171 src=192.168.11.1 dst=192.168.11.2 sport=45669 dport=53 src=192.168.11.2 dst=192.168.11.1 sport=53 dport=45669 [ASSURED] mark=0 secmark=0 use=2
# wc -l /proc/net/nf_conntrack
34775 /proc/net/nf_conntrack
increase # of nf_conntrack_max. ( default is 65535 )
# cat /proc/sys/net/nf_conntrack_max
65535
# echo 999999 > /proc/sys/net/nf_conntrack_max
# cat /proc/sys/net/nf_conntrack_max
100000
permanently set the value.
# tail -1 /etc/sysctl.conf
net.nf_conntrack_max = 100000
sysctl -a | grep conntrack_max
============================================================
Как определить, что на сервер идет SYN флуд атака?
netstat -apnt | egrep ‘syn|time_wait’ -i | wc -l
значений не должно быть
============================================================
