Nginx, Linux and DDOS

sba nginx-forum at nginx.us
Sat Apr 24 16:05:58 MSD 2010


The site is being DDoSed. I managed to identify a pattern among the attacking bots, and all of them are successfully cut off by nginx. On average the bots generate 400-600 requests per second.

A problem of a different kind has appeared:


Apr 24 15:45:52 srv01 kernel: [380345.480476] __ratelimit: 6 messages suppressed
Apr 24 15:45:52 srv01 kernel: [380345.480484] nf_conntrack: CT 0: table full, dropping packet.
Apr 24 15:45:52 srv01 kernel: [380345.484477] nf_conntrack: CT 0: table full, dropping packet.
Apr 24 15:45:52 srv01 kernel: [380345.484791] nf_conntrack: CT 0: table full, dropping packet.
Apr 24 15:45:52 srv01 kernel: [380345.496476] nf_conntrack: CT 0: table full, dropping packet.
Apr 24 15:45:52 srv01 kernel: [380345.496476] nf_conntrack: CT 0: table full, dropping packet.
Apr 24 15:45:52 srv01 kernel: [380345.504579] nf_conntrack: CT 0: table full, dropping packet.
Apr 24 15:45:52 srv01 kernel: [380345.504579] nf_conntrack: CT 0: table full, dropping packet.
Apr 24 15:45:52 srv01 kernel: [380345.504579] nf_conntrack: CT 0: table full, dropping packet.
Apr 24 15:45:52 srv01 kernel: [380345.504579] nf_conntrack: CT 0: table full, dropping packet.
Apr 24 15:45:52 srv01 kernel: [380345.508912] nf_conntrack: CT 0: table full, dropping packet.
Apr 24 15:45:58 srv01 kernel: [380351.992168] __ratelimit: 4011 messages suppressed
Apr 24 15:45:58 srv01 kernel: [380351.992168] nf_conntrack: CT 0: table full, dropping packet.
Apr 24 15:46:02 srv01 kernel: [380355.568688] __ratelimit: 1469 messages suppressed
Apr 24 15:46:02 srv01 kernel: [380355.568695] nf_conntrack: CT 0: table full, dropping packet.
Apr 24 15:46:08 srv01 kernel: [380361.861933] __ratelimit: 1837 messages suppressed
Apr 24 15:46:08 srv01 kernel: [380361.861940] nf_conntrack: CT 0: table full, dropping packet.
Apr 24 15:46:12 srv01 kernel: [380365.898849] __ratelimit: 697 messages suppressed
Apr 24 15:46:12 srv01 kernel: [380365.898856] nf_conntrack: CT 0: table full, dropping packet.
Apr 24 15:46:17 srv01 kernel: [380371.493446] __ratelimit: 2195 messages suppressed
Apr 24 15:46:17 srv01 kernel: [380371.493453] TCP: time wait bucket table overflow (CT0)
Apr 24 15:46:25 srv01 kernel: [380379.194777] __ratelimit: 10 messages suppressed
Apr 24 15:46:25 srv01 kernel: [380379.194784] TCP: time wait bucket table overflow (CT0)


# netstat -ntpa|grep TIME_WAIT |wc -l
13349



As I understand it, the number of available TIME_WAIT TCP connections is running out? How can this be increased?

Posted at Nginx Forum: http://forum.nginx.org/read.php?21,78756,78756#msg-78756
