nginx slow for no reason
Marki555
nginx-forum at nginx.us
Mon Aug 8 13:41:06 UTC 2011
Do you think it can be a synflood attack? I can see it only during peak
hours, if it would be attack, I would expect it to be nonstop. If it
would be synflood, how would nginx handle it? SYN_RECV means that kernel
has received the initial SYN packet, but the userspace (nginx) didn't
reply with SYN+ACK yet. But from strace it seems that nginx is not
receiving those connections...
Every request is from different IP (as it's ad-tracking I have more than
3 milions diff. IPs per day). Here is output:
bill3:~:# netstat -tnp | grep SYN_RECV |sort -k5,5
tcp 0 0 92.x.x.x:80 108.84.25.217:49988 SYN_RECV
-
tcp 0 0 92.x.x.x:80 171.0.128.220:59857 SYN_RECV
-
tcp 0 0 92.x.x.x:80 188.22.33.219:63756 SYN_RECV
-
tcp 0 0 92.x.x.x:80 194.168.179.130:54327 SYN_RECV
-
tcp 0 0 92.x.x.x:80 2.218.18.53:49980 SYN_RECV
-
tcp 0 0 92.x.x.x:80 212.106.232.41:3887 SYN_RECV
-
tcp 0 0 92.x.x.x:80 213.105.53.187:56882 SYN_RECV
-
tcp 0 0 92.x.x.x:80 213.105.53.187:56948 SYN_RECV
-
tcp 0 0 92.x.x.x:80 213.107.67.17:56947 SYN_RECV
-
tcp 0 0 92.x.x.x:80 217.137.153.229:4384 SYN_RECV
-
tcp 0 0 92.x.x.x:80 46.25.124.158:59649 SYN_RECV
-
tcp 0 0 92.x.x.x:80 62.254.142.85:59674 SYN_RECV
-
tcp 0 0 92.x.x.x:80 62.255.147.169:58835 SYN_RECV
-
tcp 0 0 92.x.x.x:80 62.31.128.35:51695 SYN_RECV
-
tcp 0 0 92.x.x.x:80 77.100.4.202:56501 SYN_RECV
-
Posted at Nginx Forum: http://forum.nginx.org/read.php?2,213502,213507#msg-213507
More information about the nginx
mailing list