From: Alex Flex <aflexzor@gmail.com>
To: netfilter@vger.kernel.org
Subject: synflood +syncookies + conntrack strange behaviour
Date: Thu, 09 May 2013 19:04:29 -0600
Message-ID: <518C479D.1070904@gmail.com>

Hello Netfilter,

Today I wanted to do some LAN tests with two machines, where I would use
one to SYN flood the other.

I am using a firewall with conntrack enabled. I noticed that while I made
the attack (50k pps @ 15 Mbit/s from random IPs) I immediately saw the
conntrack count reach 65535, which is my max value. Packets
immediately started being lost almost in full.

Questions:

a.) Shouldn't SYN cookies (which are enabled) deal with the SYN flood
without compromising my state table?
b.) Why, if my state table is full, am I not getting any table full error
message in dmesg or syslog? I tried setting max conntrack to something
lower (10,000) and even maxed out it didn't give any warning. In fact I
had to set it to 100, and only at that time did I get the conntrack table
full error message??
c.) I tried disabling iptables altogether (thus no conntrack) and I
still saw 100% packet loss. I am sure I am not hitting a CPU or link limit,
because previously I hit 100k pps at 50 Mbit/s, and now I am doing half that
for testing and still using syncookies. Why would I still be losing
packets?

Thanks for the help!

Alex
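A check an editor would add at this point, not part of Alex's message or of any reply in the thread: a small Python script that summarises a conntrack table dump, so that what is occupying the table during the flood can be read directly instead of inferred from the entry counter. It parses the `/proc/net/nf_conntrack` line format (and `conntrack -L` output, which omits the leading `ipv4 2` columns) and reports how many entries are half-open (`SYN_SENT`/`SYN_RECV`), how many are `[UNREPLIED]`, and how many distinct sources they come from. The sample dump below is constructed for the example. The reason this is the check to run: conntrack creates its entry when the incoming SYN passes the netfilter hooks, before the packet reaches the TCP socket code where `net.ipv4.tcp_syncookies` takes effect, so a spoofed-source SYN flood occupies conntrack slots whether or not syncookies are on.

```python
"""Summarise a conntrack table dump during a SYN flood.

Added example, not from the original thread. Input lines follow the
/proc/net/nf_conntrack format; `conntrack -L` output (no leading
'ipv4 2' columns) is accepted as well.
"""
from collections import Counter

# Constructed sample of what a dump looks like while spoofed SYNs arrive:
# half-open entries, each from a different source, none of them replied to.
SAMPLE_DUMP = """\
ipv4     2 tcp      6 119 SYN_SENT src=198.51.100.7 dst=192.0.2.10 sport=51200 dport=80 [UNREPLIED] src=192.0.2.10 dst=198.51.100.7 sport=80 dport=51200 mark=0 use=1
ipv4     2 tcp      6 118 SYN_SENT src=203.0.113.44 dst=192.0.2.10 sport=40011 dport=80 [UNREPLIED] src=192.0.2.10 dst=203.0.113.44 sport=80 dport=40011 mark=0 use=1
ipv4     2 tcp      6 59 SYN_RECV src=203.0.113.45 dst=192.0.2.10 sport=40012 dport=80 src=192.0.2.10 dst=203.0.113.45 sport=80 dport=40012 mark=0 use=1
ipv4     2 tcp      6 431999 ESTABLISHED src=10.0.0.5 dst=192.0.2.10 sport=52000 dport=22 src=192.0.2.10 dst=10.0.0.5 sport=22 dport=52000 [ASSURED] mark=0 use=1
ipv4     2 udp      17 29 src=10.0.0.5 dst=192.0.2.10 sport=5353 dport=53 src=192.0.2.10 dst=10.0.0.5 sport=53 dport=5353 mark=0 use=1
"""

# Layer-4 protocol names as printed by nf_conntrack.
L4_PROTOS = {"tcp", "udp", "icmp", "icmpv6", "sctp", "dccp", "gre"}


def parse_entry(line):
    """Return a dict describing one conntrack line, or None if unparseable."""
    tokens = line.split()
    # Find the layer-4 protocol name; anything before it is the optional
    # 'ipv4 2' / 'ipv6 10' prefix that /proc/net/nf_conntrack prints.
    idx = next((i for i, t in enumerate(tokens) if t in L4_PROTOS), None)
    if idx is None or len(tokens) < idx + 3:
        return None
    proto = tokens[idx]
    timeout = int(tokens[idx + 2])        # seconds left before the entry expires
    rest = tokens[idx + 3:]
    state = None
    if proto == "tcp" and rest and "=" not in rest[0]:
        state = rest.pop(0)               # SYN_SENT, SYN_RECV, ESTABLISHED, ...
    # The first src=/dst=/sport=/dport= group is the original direction.
    kv = [t.split("=", 1) for t in rest if "=" in t]
    orig_src = next((v for k, v in kv if k == "src"), None)
    orig_dport = next((v for k, v in kv if k == "dport"), None)
    flags = {t for t in rest if t.startswith("[") and t.endswith("]")}
    return {
        "proto": proto,
        "state": state,
        "timeout": timeout,
        "src": orig_src,
        "dport": orig_dport,
        "unreplied": "[UNREPLIED]" in flags,
        "assured": "[ASSURED]" in flags,
    }


def summarise(dump, conntrack_max):
    """Aggregate a dump: fill ratio, entries per state, half-open sources."""
    entries = [e for e in (parse_entry(l) for l in dump.splitlines()) if e]
    by_state = Counter(e["state"] or e["proto"] for e in entries)
    half_open = [e for e in entries if e["state"] in ("SYN_SENT", "SYN_RECV")]
    return {
        "entries": len(entries),
        "fill_ratio": len(entries) / conntrack_max,
        "by_state": dict(by_state),
        "unreplied": sum(e["unreplied"] for e in entries),
        "half_open_sources": len({e["src"] for e in half_open}),
        "half_open_dports": dict(Counter(e["dport"] for e in half_open)),
    }


if __name__ == "__main__":
    import json
    # On a live box: dump = open("/proc/net/nf_conntrack").read() and
    # conntrack_max = int(open("/proc/sys/net/netfilter/nf_conntrack_max").read())
    print(json.dumps(summarise(SAMPLE_DUMP, 65535), indent=2))
```

If the summary shows the table dominated by `SYN_SENT` entries flagged `[UNREPLIED]` from about as many distinct sources as there are entries, the slots are being consumed by the tracked half-open flows themselves; `tcp_syncookies` only changes what the TCP stack does with the SYN once conntrack has already allocated the entry.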



Thread overview: 6+ messages
2013-05-10  1:04 Alex Flex [this message]
2013-05-11  0:07 ` synflood +syncookies + conntrack strange behaviour Alex Flex
2013-05-11  2:21   ` Pablo Neira Ayuso
2013-05-11 18:05     ` Alex Flex
2013-05-11 18:26 ` Pascal Hambourg
2013-05-11 18:47   ` Alex Flex
