On Wed, Nov 15, 2000 at 03:46:03PM -0500, safemode wrote: > I was DDoS'd today while away and came home to find the firewall unable to > do anything network related (although my connection to irc was still > working oddly). a quick dmesg showed the problem. > ip_conntrack: maximum limit of 2048 entries exceeded [...] I have also seen this happen on a box which ran test9. Apparently because of it's long uptime, because the logs should no signs of an attack. I guess conntrack forgets to flush some entries? Or maybe there is no way it can recover from a full conntrack table? Is it maybe necessary to make the maximum size a configurable option? Or a userspace conntrack daemon like the arpd? I also see a lot of messages like this (on all 2.4 test kernels): NAT: 0 dropping untracked packet c00643f0 1 131.211.122.89 -> 224.0.0.2 NAT: 0 dropping untracked packet c05468e0 1 131.211.122.89 -> 224.0.0.2 NAT: 0 dropping untracked packet c0064760 1 131.211.122.31 -> 224.0.0.2 Turning of multicast on the respective network interface does not stop these messages, but anyway they seem rather annoying to me :) ------------------------------------------- Met vriendelijke groet / with kind regards, Guus Sliepen ------------------------------------------- See also: http://tinc.nl.linux.org/ http://www.kernelbench.org/ -------------------------------------------