Large amount of Conntrack Sessions flooding
Hi,
I have a tiny VPS with nanovz and use it for reverse proxy.
Today, my VPS was suspended due to "Large amount of Conntrack Sessions flooding"
"Conntrack Sessions: 58662
PPS: 18542"
I don't know how to solve this. I installed lowendscript on this VPS (nginx only, no mysql, exim, ...) and it acts as a reverse proxy.
Please help me solve this
Comments
Use this command to see all of the sessions: cat /proc/net/nf_conntrack
Once you see the sessions, you can determine what IPs are connecting and over what port, then use the port to discover the protocol.
Also keep in mind that by default, the majority of Linux distros have a max of 65536 sessions, so almost 59k is quite a lot.
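To see who is filling the table, the output of cat /proc/net/nf_conntrack can be aggregated by originating address and by destination service, and half-open or unreplied flows counted separately. The script below is an added example, not code from this thread; the sample lines are constructed, and on a live box it reads /proc/net/nf_conntrack itself.

```python
import os
from collections import Counter

# Constructed sample of /proc/net/nf_conntrack output (not captured traffic):
# one normal HTTPS session, three half-open TCP connections to the proxy's
# port 80 from two addresses, and one unreplied UDP flow.
SAMPLE = """\
ipv4     2 tcp      6 431999 ESTABLISHED src=198.51.100.7 dst=203.0.113.10 sport=51234 dport=443 src=203.0.113.10 dst=198.51.100.7 sport=443 dport=51234 [ASSURED] mark=0 zone=0 use=2
ipv4     2 tcp      6 59 SYN_RECV src=192.0.2.44 dst=203.0.113.10 sport=40001 dport=80 src=203.0.113.10 dst=192.0.2.44 sport=80 dport=40001 mark=0 zone=0 use=2
ipv4     2 tcp      6 59 SYN_RECV src=192.0.2.44 dst=203.0.113.10 sport=40002 dport=80 src=203.0.113.10 dst=192.0.2.44 sport=80 dport=40002 mark=0 zone=0 use=2
ipv4     2 tcp      6 59 SYN_RECV src=192.0.2.45 dst=203.0.113.10 sport=40003 dport=80 src=203.0.113.10 dst=192.0.2.45 sport=80 dport=40003 mark=0 zone=0 use=2
ipv4     2 udp      17 29 src=192.0.2.44 dst=203.0.113.10 sport=53000 dport=53 [UNREPLIED] src=203.0.113.10 dst=192.0.2.44 sport=53 dport=53000 mark=0 zone=0 use=2
"""

def parse_entry(line):
    """Return the original-direction tuple of one conntrack line, or None."""
    fields = line.split()
    if len(fields) < 4:
        return None
    entry = {"proto": fields[2], "state": None, "unreplied": False}
    for tok in fields[3:]:
        if "=" in tok:
            # The initiator's tuple is listed first; setdefault skips the reply tuple.
            key, val = tok.split("=", 1)
            entry.setdefault(key, val)
        elif tok == "[UNREPLIED]":
            entry["unreplied"] = True
        elif tok.isupper() and not tok.startswith("["):
            entry["state"] = tok  # TCP state such as ESTABLISHED or SYN_RECV
    return entry

def summarize(text, top=3):
    """Aggregate entries by source address and by (proto, dport) service."""
    entries = [e for e in map(parse_entry, text.splitlines()) if e]
    return {
        "total": len(entries),
        "top_sources": Counter(e.get("src") for e in entries).most_common(top),
        "top_services": Counter((e["proto"], e.get("dport"))
                                for e in entries).most_common(top),
        "half_open_tcp": sum(e["proto"] == "tcp" and
                             e["state"] in ("SYN_RECV", "SYN_SENT") for e in entries),
        "unreplied": sum(e["unreplied"] for e in entries),
    }

if __name__ == "__main__":
    table, limit = "/proc/net/nf_conntrack", "/proc/sys/net/netfilter/nf_conntrack_max"
    report = summarize(open(table).read() if os.path.exists(table) else SAMPLE)
    if os.path.exists(limit):
        print("table usage:", report["total"], "/", open(limit).read().strip())
    for key, value in report.items():
        print(key, value)
```

A few addresses dominating top_sources together with a high half_open_tcp count points at a SYN flood against the proxied port rather than genuine load.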
You can limit the conntrack sessions too, to slow down the DoS attack or whatever is going on with your box.
How to do it:
https://www.google.co.uk/search?q=limit+conntrack+sessions&oq=limit+conntrack+sessions
Depending on what you're doing you could also disable nf_conntrack or mark certain iptables-rules with NOTRACK. Not sure if that works without proper virtualisation though.
Are you aware that conntrack session exhaustion is usually due to a DDoS? Unless you normally have 58,662 active sessions (TCP connections, UDP dstip,dstport,srcip,srcport tuples).
You can consider NOTRACK'ing, however your service will likely be overwhelmed by the influx of traffic.
If it is small enough you may want to consider enlarging your conntrack table, however it looks like it's your provider's conntrack table (OpenVZ?), in which case it's out of your control.
sorry for the late response but this could sometime in the future.
limit sessions
/sbin/sysctl -w net.netfilter.nf_conntrack_max=xxxx
xxxx = number
/sbin/sysctl net.netfilter.nf_conntrack_count
to check how many sessions (read-only counter, so no -w here)