Author Topic: TCP SYN queue of the kernel was full and sent SYN cookies  (Read 398 times)

0 Members and 2 Guests are viewing this topic.

TCP SYN queue of the kernel was full and sent SYN cookies
« on: June 06, 2019, 08:09:52 PM »
I got the following error from Netdata...

netdata notification
host1.fqdn recovered
ip.tcp_syn_queue CHART
1m tcp syn queue cookies (was warning for 1 minute and 10 seconds)
the number of times the TCP SYN queue of the kernel was full and sent SYN cookies, during the last minute ALARM
Fri Jun 7 02:59:12 ST 2019
(was warning for 1 minute and 10 seconds) TIME
The host has 0 WARNING and 0 CRITICAL alarm(s) raised.
View Netdata

The source of this alarm is line 70@/usr/lib/netdata/conf.d/health.d/tcp_listen.conf
(alarms are configurable, edit this file to adapt the alarm to your needs)
Sent by netdata, the real-time performance and health monitoring, on host.fqdn.

And i note the following in /usr/lib/netdata/conf.d/health.d/tcp_listen.conf...

# SYN queue
# The SYN queue tracks TCP handshakes until connections are fully established.
# It overflows when too many incoming TCP connection requests hang in the
# half-open state and the server is not configured to fall back to SYN cookies.
# Overflows are usually caused by SYN flood DoS attacks (i.e. someone sends
# lots of SYN packets and never completes the handshakes).

So do i need to enable "fall back to SYN cookies"?

Can i add the following in /etc/sysctl.d/99-sysctl.conf

net.ipv4.tcp_syncookies = 1

Then i have done the following...
sysctl.d]# sysctl -p
net.ipv6.conf.all.accept_ra = 2
net.ipv6.conf.eth0.accept_ra = 2
net.ipv4.tcp_syncookies = 1

Is this the right place to add this?
Will it work against possible dos flood attack on CWP?
How do i tell if it is in fact that kind of how do i test this?

« Last Edit: June 06, 2019, 08:22:00 PM by adamjedgar »

Re: TCP SYN queue of the kernel was full and sent SYN cookies
« Reply #1 on: June 14, 2019, 10:33:40 AM »
You can add that in /etc/sysctl.conf or /etc/sysctl.d/99-sysctl.conf . In the first case "net.ipv4.tcp_syncookies = 1" will be set before Netdata started. In the second one - do not sure
You can ask me to solve any problem with your server for some money in pm  ;)
Services Monitoring & RBL Monitoring
Join our Development Team and get paid !

Installation Instructions
Get Fast Support Here