[ntp:questions] What traffic from pool is normal ?

Condor john at stz-bg.com
Tue Jun 21 07:33:02 UTC 2011


Hello ppl,
do I can ask what traffic from pool is normal ? I have some times 
problems ... I think I got too much query. This problem is from long time 
and it's happened only for small amount of time. For 30 min to 1 hour and 
usual when Im not logged in to see what's happened. Here is error that i 
got from kernel:

net_ratelimit: 686 callbacks suppressed
nf_conntrack: table full, dropping packet.
nf_conntrack: table full, dropping packet.
nf_conntrack: table full, dropping packet.

I use some optimization on tcp/ip network like:

# increase TCP max buffer size setable using setsockopt()
# 16 MB with a few parallel streams is recommended for most 10G paths
# 32 MB might be needed for some very long end-to-end 10G or 40G paths
net.core.rmem_max = 16777216 
net.core.wmem_max = 16777216 
# increase default values
net.core.rmem_default = 16777216
net.core.wmem_default = 16777216
# increase Linux autotuning TCP buffer limits 
# min, default, and max number of bytes to use
# (only change the 3rd value, and make it 16 MB or more)
net.ipv4.tcp_rmem = 4096 87380 16777216
net.ipv4.tcp_wmem = 4096 65536 16777216
# recommended to increase this for 10G NICS
net.core.netdev_max_backlog = 10000
net.ipv6.conf.all.forwarding = 1
net.netfilter.nf_conntrack_tcp_timeout_established = 2000
net.ipv4.netfilter.ip_conntrack_tcp_timeout_established = 2000


but I still have a problem. First time when I successful dump the traffic 
when it's happened I see for 14 seconds my ntp receive 3300 send/receive 
query. After a private email between me and owner project Ask Bjørn 
Hansen he decide nothing strange is happened. Today I see that situation 
again and I log 58100 send/receive query for 20 sec. Both logs can be 
download from: www.stz-bg.com/traf/

I want to ask is that normal or Im attacked? Because traffic is from UDP 
you can change query source address and this will become an attack.


Regards,
Condor




More information about the questions mailing list