From mboxrd@z Thu Jan 1 00:00:00 1970
From: "Dan Cowsill"
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Gentoo router: Conntrack table full
Date: Sat, 22 Mar 2008 23:26:16 -0400
Message-ID: <4ef07b8c0803222026y2aacbddfwdc1985467f134c80@mail.gmail.com>
In-Reply-To: <350fc7cf0803222022m4dfb3827o878e39dd3493d20d@mail.gmail.com>
References: <4ef07b8c0803222016g7d3e05a6jf36b317ed1a73e69@mail.gmail.com> <350fc7cf0803222022m4dfb3827o878e39dd3493d20d@mail.gmail.com>

On Sat, Mar 22, 2008 at 11:22 PM, Andrey Falko wrote:
>
> On Sat, Mar 22, 2008 at 11:16 PM, Dan Cowsill wrote:
> > Hi folks,
> >
> > Today I had some really serious problems with my Gentoo router. I
> > could ping it, and all the network connections were in place and
> > functional, but no outside access. I looked into it and found that
> > the syslog was flooded with this:
> >
> >
> > Mar 22 21:25:55 localhost kernel: nf_conntrack: table full, dropping packet.
> > Mar 22 21:26:00 localhost kernel: printk: 11 messages suppressed.
> > Mar 22 21:26:00 localhost kernel: nf_conntrack: table full, dropping packet.
> > Mar 22 21:26:05 localhost kernel: printk: 16 messages suppressed.
> >
> >
> > These messages spanned a full 20 hours of the log. I understand that
> > conntrack is the connection tracking system that iptables uses. I
> > also understand that its maximum is something on the order of 65000
> > simultaneous connections. For a simple home network, I think we can
> > agree that I would probably never approach this number of connections
> > with normal use.
> >
> > So my question is this: what could have caused the router's
> > connection tracker to overflow?
> > --
> > Dan Cowsill
> > http://www.danthehat.net
> > --
> > gentoo-user@lists.gentoo.org mailing list
> >
> >
>
> What type of 'net services do you run between your home network and
> the outside? Is there a possibility that someone out there has put a
> denial of service attack on you?
> --
> gentoo-user@lists.gentoo.org mailing list
>
>

I have SSH to a server, two open ports for BitTorrent connections and
a few ranges for DCC transfers from IRC. The possibility of a DoS
attack is pretty real, I imagine. Is there any way I could be sure?
--
Dan Cowsill
http://www.danthehat.net
--
gentoo-user@lists.gentoo.org mailing list
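One way to get a first answer to "is there any way I could be sure?" from the log itself, as an added example that is not part of the thread: the kernel rate-limits the "table full" message, so the visible lines understate the real drop count and the "printk: N messages suppressed" lines have to be folded back in. The script below parses syslog lines in the format quoted above (the sample is constructed, modelled on the thread's lines, with a made-up sshd line to show non-kernel noise is ignored) and reports how many drops were logged, how many were hidden by rate limiting, and how they spread per minute, which is the shape you would compare against a known-quiet baseline.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample, modelled on the syslog lines quoted in the thread.
SAMPLE_LOG = """\
Mar 22 21:25:55 localhost kernel: nf_conntrack: table full, dropping packet.
Mar 22 21:26:00 localhost kernel: printk: 11 messages suppressed.
Mar 22 21:26:00 localhost kernel: nf_conntrack: table full, dropping packet.
Mar 22 21:26:05 localhost kernel: printk: 16 messages suppressed.
Mar 22 21:26:05 localhost kernel: nf_conntrack: table full, dropping packet.
Mar 22 21:26:10 localhost sshd[1234]: Accepted publickey for dan from 10.0.0.5
"""

# Classic syslog: "<Mon> <day> <HH:MM:SS> <host> kernel: <message>"
LINE_RE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ kernel: (.*)$")
DROP_MSG = "nf_conntrack: table full, dropping packet."
SUPPRESSED_RE = re.compile(r"printk: (\d+) messages suppressed\.")


def summarize_conntrack_drops(log_text, year=2008):
    """Count conntrack drop messages, add back rate-limited ones, bucket per minute.

    Caveat: printk's "messages suppressed" counter covers whatever rate-limited
    kernel message was being throttled, so the suppressed total is only a good
    estimate of hidden conntrack drops when that is the dominant message, as it
    was in the log quoted in the thread. The year is an assumption (syslog
    timestamps carry none); it only matters for parsing the date.
    """
    logged = 0
    suppressed = 0
    per_minute = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a kernel message (e.g. sshd), ignore
        stamp, msg = m.groups()
        if msg == DROP_MSG:
            logged += 1
            ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
            per_minute[ts.strftime("%H:%M")] += 1
        else:
            s = SUPPRESSED_RE.fullmatch(msg)
            if s:
                suppressed += int(s.group(1))
    return {
        "logged": logged,
        "suppressed": suppressed,
        "estimated_drops": logged + suppressed,
        "per_minute": dict(per_minute),
    }


if __name__ == "__main__":
    print(summarize_conntrack_drops(SAMPLE_LOG))
```

On the live router, pairing this with the current values of /proc/sys/net/netfilter/nf_conntrack_count and nf_conntrack_max shows how close the table sits to its ceiling while the drops are happening.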