networking
network_error
ai_generated: true
TCP: SYN cookies enabled due to high connection rate on port 443, dropping connections
ID: networking/tcp-syn-cookies-enabled
Fix rate: 85%
Confidence: 86%
Evidence count: 1
First seen: 2024-01-20
Version compatibility
| Version | Status | Introduced | Deprecated | Notes |
|---|---|---|---|---|
| Linux 5.15+ | active | — | — | — |
| Linux 6.1+ | active | — | — | — |
| Ubuntu 22.04 | active | — | — | — |
| Debian 12 | active | — | — | — |
Root cause analysis
The kernel detected a high rate of incoming SYN packets on a port and enabled SYN cookies as a defense against SYN flood attacks. Legitimate connections can be dropped if cookie validation fails.
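To tell whether cookie validation is actually failing on a host, compare the kernel's SYN-cookie counters across an interval. The script below is an added example, not part of the original entry; the function names and the snapshot values are constructed for illustration.

```shell
#!/bin/sh
# Added example. Counter names are real TcpExt fields from /proc/net/netstat;
# the snapshot values below are constructed. On a host, take snapshots with:
#   cat /proc/net/netstat > before; sleep 60; cat /proc/net/netstat > after

# Print NAME=delta for the SYN-cookie and listen-queue counters between two
# snapshot files in /proc/net/netstat layout (header row, then value row).
syncookie_delta() {
    awk '
        FNR == 1 { hdr = 0 }   # new file: expect its header row again
        $1 == "TcpExt:" && !hdr { for (i = 2; i <= NF; i++) name[i] = $i; hdr = 1; next }
        $1 == "TcpExt:" { for (i = 2; i <= NF; i++) val[FILENAME, name[i]] = $i }
        END {
            n = split("SyncookiesSent SyncookiesRecv SyncookiesFailed ListenOverflows ListenDrops", want, " ")
            for (i = 1; i <= n; i++)
                printf "%s=%d\n", want[i], val[ARGV[2], want[i]] - val[ARGV[1], want[i]]
        }' "$1" "$2"
}

# Classify the interval: were cookies issued, and did any returning ACK fail
# cookie validation (SyncookiesFailed)?
syncookie_verdict() {
    syncookie_delta "$1" "$2" | awk -F= '
        { d[$1] = $2 + 0 }
        END {
            if (d["SyncookiesSent"] == 0)       print "cookies-not-triggered"
            else if (d["SyncookiesFailed"] > 0) print "cookies-sent-with-validation-failures"
            else                                print "cookies-sent-no-validation-failures"
        }'
}

# Constructed snapshots (subset of the real columns).
SNAP_DIR=$(mktemp -d)
trap 'rm -rf "$SNAP_DIR"' EXIT
cat > "$SNAP_DIR/before" <<'EOF'
TcpExt: SyncookiesSent SyncookiesRecv SyncookiesFailed ListenOverflows ListenDrops
TcpExt: 1200 1100 15 40 40
IpExt: InNoRoutes InTruncatedPkts
IpExt: 0 0
EOF
cat > "$SNAP_DIR/after" <<'EOF'
TcpExt: SyncookiesSent SyncookiesRecv SyncookiesFailed ListenOverflows ListenDrops
TcpExt: 5200 4900 95 40 40
IpExt: InNoRoutes InTruncatedPkts
IpExt: 0 0
EOF

syncookie_delta "$SNAP_DIR/before" "$SNAP_DIR/after"
syncookie_verdict "$SNAP_DIR/before" "$SNAP_DIR/after"
```

A gap between SyncookiesSent and SyncookiesRecv is expected when SYNs come from sources that never complete the handshake; SyncookiesFailed is the counter tied to the cookie validation failures described above.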
Official documentation
https://www.kernel.org/doc/html/latest/networking/ip-sysctl.html
Solutions
- Increase the SYN backlog and reduce the threshold for SYN cookies: sysctl -w net.ipv4.tcp_max_syn_backlog=8192 && sysctl -w net.ipv4.tcp_synack_retries=2
- Use a load balancer or reverse proxy (e.g., Nginx) to distribute incoming connections and reduce the SYN rate on the backend server
Ineffective attempts
Common but ineffective approaches:
- 70% failure: This leaves the server vulnerable to SYN flood attacks and may cause resource exhaustion under high traffic.
- 85% failure: A high backlog does not prevent SYN cookies from being enabled when the SYN rate exceeds the threshold.