public inbox for gentoo-user@lists.gentoo.org
 help / color / mirror / Atom feed
From: "Dan Cowsill" <danthehat@gmail.com>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Gentoo router: Conntrack table full
Date: Sat, 22 Mar 2008 23:26:16 -0400	[thread overview]
Message-ID: <4ef07b8c0803222026y2aacbddfwdc1985467f134c80@mail.gmail.com> (raw)
In-Reply-To: <350fc7cf0803222022m4dfb3827o878e39dd3493d20d@mail.gmail.com>

On Sat, Mar 22, 2008 at 11:22 PM, Andrey Falko <ma3oxuct@gmail.com> wrote:
>
> On Sat, Mar 22, 2008 at 11:16 PM, Dan Cowsill <danthehat@gmail.com> wrote:
>  > Hi folks,
>  >
>  >  Today I had some really serious problems with my Gentoo router.  I
>  >  could ping it, and all the network connections were in place and
>  >  functional, but no outside access.  I looked into it and found that
>  >  the syslog was flooded with this:
>  >
>  >
>  >  Mar 22 21:25:55 localhost kernel: nf_conntrack: table full, dropping packet.
>  >  Mar 22 21:26:00 localhost kernel: printk: 11 messages suppressed.
>  >  Mar 22 21:26:00 localhost kernel: nf_conntrack: table full, dropping packet.
>  >  Mar 22 21:26:05 localhost kernel: printk: 16 messages suppressed.
>  >
>  >
>  >  These messages spanned a full 20 hours of the log.  I understand that
>  >  conntrack is the connection tracking system that iptables uses.  I
>  >  also understand that its maximum is something on the order of 65000
>  >  simultaneous connections.  For a simple home network, I think we can
>  >  agree that I would probably never approach this number of connections
>  >  with normal use.
>  >
>  >  So my question is this:  what could have caused the router's
>  >  connection tracker to overflow?
>  >  --
>  >  Dan Cowsill
>  >  http://www.danthehat.net
>  >  --
>  >  gentoo-user@lists.gentoo.org mailing list
>  >
>  >
>
>  What type of 'net services do you run between your home network and
>  the outside? Is there a possibility that someone out have put a denial
>  of service attack on you?
>  --
>  gentoo-user@lists.gentoo.org mailing list
>
>

I have SSH to a server, two open ports for bit torrent connections and
a few ranges for DCC transfers from irc.

The possibility of a DoS attack is pretty real, I imagine.  Is there
any way I could be sure?

-- 
Dan Cowsill
http://www.danthehat.net
-- 
gentoo-user@lists.gentoo.org mailing list



  reply	other threads:[~2008-03-23  3:26 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2008-03-23  3:16 [gentoo-user] Gentoo router: Conntrack table full Dan Cowsill
2008-03-23  3:22 ` Andrey Falko
2008-03-23  3:26   ` Dan Cowsill [this message]
2008-03-23  9:23     ` Michal 'vorner' Vaner
2008-03-23 13:42 ` Mike Williams
2008-03-25  6:13   ` Adam Carter

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=4ef07b8c0803222026y2aacbddfwdc1985467f134c80@mail.gmail.com \
    --to=danthehat@gmail.com \
    --cc=gentoo-user@lists.gentoo.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox