possible SYN flooding on port issue.

[firewalker]

Hello every one.

Nearly every time I use Qbittorrent after a while the speed drops significantly. With dmesg I can see the following

possible SYN flooding on port 55555. Sending cookies.
possible SYN flooding on port 55555. Sending cookies.
possible SYN flooding on port 55555. Sending cookies.
possible SYN flooding on port 55555. Sending cookies.
possible SYN flooding on port 55555. Sending cookies.
possible SYN flooding on port 55555. Sending cookies.
possible SYN flooding on port 55555. Sending cookies.
possible SYN flooding on port 55555. Sending cookies.
possible SYN flooding on port 55555. Sending cookies.
possible SYN flooding on port 55555. Sending cookies.
possible SYN flooding on port 55555. Sending cookies.
possible SYN flooding on port 55555. Sending cookies.
possible SYN flooding on port 55555. Sending cookies.
possible SYN flooding on port 55555. Sending cookies.
possible SYN flooding on port 55555. Sending cookies.
possible SYN flooding on port 55555. Sending cookies.
possible SYN flooding on port 55555. Sending cookies.
possible SYN flooding on port 55555. Sending cookies.

Where 55555 the port number that Qbittorrent uses.

I am using ArchLinux with qbittorrent 2.4.10 (the older version had the same behavior). My router is a Thomson TG585 v7 (7.4.3.2).

Any ideas?

[Peter]

Try this:
sysctl -w net.ipv4.tcp_syncookies=0

If it works, then:
Add the following line to the /etc/sysctl.conf file to make make it persist across reboots:

net.ipv4.tcp_syncookies = 0

That's it.

[firewalker]

Yes. Setting SYN Cookies to zero solves the issue. Is there an "serious danger" for a simple workstation when disabling SYN Cookies?

[Peter]

No .. nothing.

Its a simple mechanism to "protect" server machines ... but even we had to disable it on our servers.
(Don't think desktop machines with XP. I talk about normal rack servers, about 8-12 with really heavy load. About 5-8k visit per SECOND.)

[firewalker]

I have to bring back this issue.

Setting ipv4.tcp_syncookies=0 no longer works. The kernel message changes from TCP: Possible SYN flooding on port 55555. Sending cookies. to TCP: Possible SYN flooding on port 55555. Dropping request..

This affects the over perfomance of my internet connection.

Could it be a router problem? I am using Thomson TG585-v7.

Code: Select all

Feb 25 15:11:55: TCP: Possible SYN flooding on port 55555. Dropping request.
Feb 25 15:11:56: TCP: Possible SYN flooding on port 55555. Dropping request.
Feb 25 15:11:55: TCP: Possible SYN flooding on port 55555. Dropping request.
Feb 25 15:11:56: TCP: Possible SYN flooding on port 55555. Dropping request.
Feb 25 15:11:55: TCP: Possible SYN flooding on port 55555. Dropping request.
Feb 25 15:11:56: TCP: Possible SYN flooding on port 55555. Dropping request.
Feb 25 15:11:55: TCP: Possible SYN flooding on port 55555. Dropping request.
Feb 25 15:11:56: TCP: Possible SYN flooding on port 55555. Dropping request.
Feb 25 15:12:00: net_ratelimit: 31 callbacks suppressed
Feb 25 15:11:55: TCP: Possible SYN flooding on port 55555. Dropping request.
Feb 25 15:11:56: TCP: Possible SYN flooding on port 55555. Dropping request.
Feb 25 15:11:55: TCP: Possible SYN flooding on port 55555. Dropping request.
Feb 25 15:11:56: TCP: Possible SYN flooding on port 55555. Dropping request.
Feb 25 15:11:55: TCP: Possible SYN flooding on port 55555. Dropping request.
Feb 25 15:11:56: TCP: Possible SYN flooding on port 55555. Dropping request.
Feb 25 15:11:55: TCP: Possible SYN flooding on port 55555. Dropping request.
Feb 25 15:11:56: TCP: Possible SYN flooding on port 55555. Dropping request.