[ntp:questions] What traffic from pool is normal ?
Condor
john at stz-bg.com
Tue Jun 21 07:33:02 UTC 2011
Hello ppl,
can I ask what traffic from the pool is normal? I sometimes have
problems ... I think I get too many queries. This problem has been going on
for a long time, and it happens only for a short period, 30 min to 1 hour,
and usually when I'm not logged in to see what is happening. Here is the
error that I get from the kernel:
net_ratelimit: 686 callbacks suppressed
nf_conntrack: table full, dropping packet.
nf_conntrack: table full, dropping packet.
nf_conntrack: table full, dropping packet.
I use some optimizations on the TCP/IP network, like:
# increase TCP max buffer size settable using setsockopt()
# 16 MB with a few parallel streams is recommended for most 10G paths
# 32 MB might be needed for some very long end-to-end 10G or 40G paths
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
# increase default values
net.core.rmem_default = 16777216
net.core.wmem_default = 16777216
# increase Linux autotuning TCP buffer limits
# min, default, and max number of bytes to use
# (only change the 3rd value, and make it 16 MB or more)
net.ipv4.tcp_rmem = 4096 87380 16777216
net.ipv4.tcp_wmem = 4096 65536 16777216
# recommended to increase this for 10G NICS
net.core.netdev_max_backlog = 10000
net.ipv6.conf.all.forwarding = 1
net.netfilter.nf_conntrack_tcp_timeout_established = 2000
net.ipv4.netfilter.ip_conntrack_tcp_timeout_established = 2000
but I still have a problem. The first time I successfully dumped the
traffic while it was happening, I saw that in 14 seconds my ntp received
3300 send/receive queries. After a private email exchange between me and
the project owner, Ask Bjørn Hansen, he decided that nothing strange had
happened. Today I saw that situation again and I logged 58100 send/receive
queries in 20 sec. Both logs can be downloaded from: www.stz-bg.com/traf/
I want to ask: is that normal, or am I being attacked? Because the traffic
is UDP, you can change the query source address and this will become an
attack.
Regards,
Condor
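
An added example, not part of Condor's message: one way to summarize a text capture like the ones described above, counting inbound queries per second, per source address, and per source address/port pair (each pair occupies its own nf_conntrack entry while the traffic is tracked). The server address 192.0.2.10, the function name and the sample lines are constructed for illustration; the input is assumed to be "tcpdump -n" text output.

```python
import re
from collections import Counter

# tcpdump -n text line: "HH:MM:SS.frac IP src.sport > dst.dport: ..."
LINE = re.compile(r"^(\d+):(\d+):(\d+\.\d+) IP ([\d.]+)\.(\d+) > ([\d.]+)\.(\d+):")

# Constructed sample capture (documentation addresses), not real pool traffic.
SAMPLE = [
    "07:12:00.000000 IP 198.51.100.7.40001 > 192.0.2.10.123: NTPv4, Client, length 48",
    "07:12:00.000300 IP 192.0.2.10.123 > 198.51.100.7.40001: NTPv4, Server, length 48",
    "07:12:00.500000 IP 198.51.100.7.40002 > 192.0.2.10.123: NTPv4, Client, length 48",
    "07:12:01.000000 IP 203.0.113.5.123 > 192.0.2.10.123: NTPv4, Client, length 48",
    "07:12:01.000200 IP 192.0.2.10.123 > 203.0.113.5.123: NTPv4, Server, length 48",
    "07:12:01.500000 IP 198.51.100.7.40003 > 192.0.2.10.123: NTPv4, Client, length 48",
    "07:12:02.000000 IP 203.0.113.9.51000 > 192.0.2.10.123: NTPv4, Client, length 48",
    "07:12:02.500000 IP 198.51.100.7.40004 > 192.0.2.10.123: NTPv4, Client, length 48",
    "07:12:03.000000 IP 198.51.100.7.40005 > 192.0.2.10.123: NTPv4, Client, length 48",
    "07:12:04.000000 IP 203.0.113.5.123 > 192.0.2.10.123: NTPv4, Client, length 48",
]

def summarize(lines, server_ip, server_port=123, top=3):
    """Summarize inbound queries to server_ip:server_port.

    Assumes the capture does not span midnight (timestamps carry no date).
    """
    per_source, flows, times = Counter(), set(), []
    for line in lines:
        m = LINE.match(line.strip())
        # Skip unparsable lines and the server's own replies; matching on the
        # destination address matters because some clients also use port 123.
        if not m or m.group(6) != server_ip or int(m.group(7)) != server_port:
            continue
        h, mi, s, src, sport = m.group(1, 2, 3, 4, 5)
        times.append(int(h) * 3600 + int(mi) * 60 + float(s))
        per_source[src] += 1
        flows.add((src, int(sport)))  # one conntrack entry per address/port pair
    total = sum(per_source.values())
    span = max(times) - min(times) if times else 0.0
    return {
        "queries": total,
        "seconds": round(span, 3),
        "qps": round(total / span, 1) if span else 0.0,
        "sources": len(per_source),
        "flows": len(flows),
        # (address, query count, share of all queries), busiest first
        "top": [(ip, n, n / total) for ip, n in per_source.most_common(top)],
    }

if __name__ == "__main__":
    print(summarize(SAMPLE, "192.0.2.10"))
```

Many sources with a few queries each is what a pool server is expected to see; a single address holding most of the queries, or a flow count far above the source count, is the part worth looking at more closely.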