networking
network_error
ai_generated
true
TCP: SYN cookies enabled due to high connection rate on port 443, dropping connections
ID: networking/tcp-syn-cookies-enabled
85% Fix Rate
86% Confidence
1 Evidence
2024-01-20 First Seen
Version Compatibility
| Version | Status | Introduced | Deprecated | Notes |
|---|---|---|---|---|
| Linux 5.15+ | active | — | — | — |
| Linux 6.1+ | active | — | — | — |
| Ubuntu 22.04 | active | — | — | — |
| Debian 12 | active | — | — | — |
Root Cause
The kernel detected a high rate of incoming SYN packets on a port, triggering SYN cookies as a defense against SYN flood attacks, which can cause legitimate connections to be dropped if the cookie validation fails.
Official Documentation
https://www.kernel.org/doc/html/latest/networking/ip-sysctl.html
Workarounds
- 85% success: Increase the SYN backlog and lower the SYN-ACK retry count so half-open connections are released sooner: sysctl -w net.ipv4.tcp_max_syn_backlog=8192 && sysctl -w net.ipv4.tcp_synack_retries=2
- 90% success: Use a load balancer or reverse proxy (e.g., Nginx) to distribute incoming connections and reduce the SYN rate on the backend server
Dead Ends
Common approaches that don't work:
- 70% fail: This leaves the server vulnerable to SYN flood attacks and may cause resource exhaustion under high traffic.
- 85% fail: A high backlog does not prevent SYN cookies from being enabled when the SYN rate exceeds the threshold.
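Before and after applying a workaround, the kernel's TcpExt counters show whether cookies are actually being sent and whether any are failing validation, which is the drop condition described under Root Cause. The script below is an added example, not part of the original entry; the sample counter values are constructed, and the function names tcpext_get and syncookie_status are hypothetical helpers.

```shell
#!/bin/sh
# Added example: summarise SYN-cookie activity from /proc/net/netstat-style text.

# Constructed sample in the header-line/value-line "TcpExt:" layout used by
# /proc/net/netstat. The numbers are invented for illustration.
SAMPLE='TcpExt: SyncookiesSent SyncookiesRecv SyncookiesFailed ListenOverflows ListenDrops
TcpExt: 1200 1150 37 4 9'

# tcpext_get NAME: read netstat text on stdin, print the value of counter NAME.
# The first TcpExt line maps names to columns, the second holds the values.
tcpext_get() {
    awk -v want="$1" '
        $1 == "TcpExt:" && !seen { for (i = 2; i <= NF; i++) col[$i] = i; seen = 1; next }
        $1 == "TcpExt:" && seen  { if (want in col) print $(col[want]); exit }
    '
}

# syncookie_status [FILE]: classify cookie activity. Reads FILE, or stdin if
# FILE is omitted. Counters are cumulative since boot, so compare two readings
# taken some time apart to see what is happening now.
syncookie_status() {
    text=$(cat "${1:--}")
    sent=$(printf '%s\n' "$text" | tcpext_get SyncookiesSent)
    failed=$(printf '%s\n' "$text" | tcpext_get SyncookiesFailed)
    drops=$(printf '%s\n' "$text" | tcpext_get ListenDrops)
    sent=${sent:-0}; failed=${failed:-0}; drops=${drops:-0}
    if [ "$sent" -eq 0 ]; then
        # The kernel has not fallen back to cookies since boot.
        echo "no-cookies-sent"
    elif [ "$failed" -gt 0 ]; then
        # Some returning ACKs carried a cookie that did not validate.
        echo "cookies-failing sent=$sent failed=$failed listen_drops=$drops"
    else
        echo "cookies-ok sent=$sent failed=$failed listen_drops=$drops"
    fi
}

# Run against the constructed sample; on a live host use:
#   syncookie_status /proc/net/netstat
printf '%s\n' "$SAMPLE" | syncookie_status
```

A rising SyncookiesSent with a flat SyncookiesFailed means cookies are absorbing the SYN rate without rejecting returning handshakes.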