From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id F253513888F for ; Wed, 14 Oct 2015 17:19:24 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id C2BC9E080A; Wed, 14 Oct 2015 17:19:13 +0000 (UTC) Received: from plane.gmane.org (plane.gmane.org [80.91.229.3]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 9F18BE07F5 for ; Wed, 14 Oct 2015 17:19:12 +0000 (UTC) Received: from list by plane.gmane.org with local (Exim 4.69) (envelope-from ) id 1ZmPhm-0002ra-KH for gentoo-user@lists.gentoo.org; Wed, 14 Oct 2015 19:19:10 +0200 Received: from static-71-122-242-106.tampfl.fios.verizon.net ([71.122.242.106]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Wed, 14 Oct 2015 19:19:10 +0200 Received: from wireless by static-71-122-242-106.tampfl.fios.verizon.net with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Wed, 14 Oct 2015 19:19:10 +0200 X-Injected-Via-Gmane: http://gmane.org/ To: gentoo-user@lists.gentoo.org From: James Subject: [gentoo-user] Re: TCP listen overflows Date: Wed, 14 Oct 2015 17:19:02 +0000 (UTC) Message-ID: References: Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Complaints-To: usenet@ger.gmane.org X-Gmane-NNTP-Posting-Host: sea.gmane.org User-Agent: Loom/3.14 (http://gmane.org/) X-Loom-IP: 71.122.242.106 (Mozilla/5.0 (X11; Linux x86_64; rv:41.0) Gecko/20100101 Firefox/41.0 SeaMonkey/2.38) X-Archives-Salt: 193f8e02-e8cb-4c57-8b04-82758b76bd49 X-Archives-Hash: 6142d248e5fc091ecb100f81d8bbdad6 Grant gmail.com> writes: > My site when down for about 10 minutes recently and the only > interesting thing I see in the munin graphs is a massive spike in "TCP > socket buffer errors", specifically "Listen overflows" at exactly the > same time. Is that a clue or just a result of the downtime? Nothing > in the logs. Hard to tell. What I have done in the past is install a hub/switch outside your firewall/DMZ with several systems to perform 'mock tests' via standard penetration tests, packet flooding, DoS, etc etc depending on your suspicions, and pound on your net Pentoo linux is also an excellent tool. hth, James