Re: [suse-security] kernel: ip_conntrack: table full, dropping packet.


I'm still having the problem after the machine (SuSE 9.0, SuSEfirewall2) has been up for about 30 days, although I did:

echo 65535 > /proc/sys/net/ipv4/ip_conntrack_max

Even more strange - when I do
cat /proc/net/ip_conntrack | wc -l

I usually get something like 1500, which does look quite normal to me.

So the only solution seems to be to reboot the system every 30 days? Isn't there anything else I can do? Will upgrading to kernel 2.6 possibly fix this?

Possibilities for this:

- external portscans
- too many rulesets
- PC with too many connections (e.g. p2p) *
- infected Redmond (TM) PC with worm

(*) decrease the number of connections and disable master-node functionality.
This is the #1 reason for full tables!

First check if there is no infected box in your network filling the tables with trash data (check with iptraf if there is enormous traffic on your firewall from one internal IP, or if you get DoS from external).

Or use Ethereal and check if there is an enormous amount of traffic on one IP, or a MAC spoofer, or a defective network card or hub.

Afterwards, a good medicine for Redmond (TM) for better security:

- switch to Firefox & Thunderbird
- restrict usage of IE to Admins only
- don't work as Admin on the PCs, nor let anyone else do so
- install an up-to-date virus scanner (e.g. www.free-av.de) with autoupdate
- run the service-deinstaller from ccc: http://www.dingens.org/

!!!Warning, this script deactivates AD functionality and is at your own risk, rtfm before installing the patch!!!
!!!This patch may speed up your PC and increase security!!!
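As an added example (not code from either poster), the following script does the check the reply describes from the conntrack table itself rather than iptraf: it reports how full the table is and which originating hosts hold the most entries, so a worm-infected or p2p box stands out. It assumes the 2.4-series /proc/net/ip_conntrack line format, where the first src= field is the host that opened the connection; the sample table is constructed.

```shell
#!/bin/sh
# Summarise an ip_conntrack table: how full it is and which originating
# hosts hold the most entries. Defaults point at the 2.4-era procfs files
# from the thread; any saved copy in the same format can be passed instead.

# conntrack_count FILE -> number of tracked connections (like wc -l)
conntrack_count() {
    grep -c . "$1"
}

# conntrack_pct FILE MAX -> percentage of the table in use
conntrack_pct() {
    echo $(( $(conntrack_count "$1") * 100 / $2 ))
}

# conntrack_top FILE N -> the N originating addresses with the most entries.
# Each line lists the original direction first, so the first src= field is
# the host that opened the connection. One internal address holding a large
# share, especially in half-open (UNREPLIED) entries, is the box to look at.
conntrack_top() {
    awk '{ for (i = 1; i <= NF; i++)
               if ($i ~ /^src=/) { sub(/^src=/, "", $i); n[$i]++; break } }
         END { for (a in n) print n[a], a }' "$1" | sort -rn | head -n "$2"
}

# Constructed sample table (assumed data, in /proc/net/ip_conntrack format):
# one normal web and one DNS flow, plus one host scanning port 135.
sample_table() {
    cat <<'EOF'
tcp      6 431999 ESTABLISHED src=192.168.1.20 dst=10.0.0.1 sport=3210 dport=80 src=10.0.0.1 dst=192.168.1.20 sport=80 dport=3210 [ASSURED] use=1
udp      17 29 src=192.168.1.7 dst=10.0.0.2 sport=1025 dport=53 src=10.0.0.2 dst=192.168.1.7 sport=53 dport=1025 use=1
tcp      6 119 SYN_SENT src=192.168.1.7 dst=10.0.0.3 sport=1026 dport=135 [UNREPLIED] src=10.0.0.3 dst=192.168.1.7 sport=135 dport=1026 use=1
tcp      6 119 SYN_SENT src=192.168.1.7 dst=10.0.0.4 sport=1027 dport=135 [UNREPLIED] src=10.0.0.4 dst=192.168.1.7 sport=135 dport=1027 use=1
tcp      6 119 SYN_SENT src=192.168.1.7 dst=10.0.0.5 sport=1028 dport=135 [UNREPLIED] src=10.0.0.5 dst=192.168.1.7 sport=135 dport=1028 use=1
EOF
}

# report [MAX] [FILE] -> usage summary plus the five busiest originators.
# With no arguments it reads the live table and ip_conntrack_max.
report() {
    max=${1:-$(cat /proc/sys/net/ipv4/ip_conntrack_max)}
    table=${2:-/proc/net/ip_conntrack}
    printf 'conntrack: %s of %s entries in use (%s%%)\n' \
        "$(conntrack_count "$table")" "$max" "$(conntrack_pct "$table" "$max")"
    printf 'top originating hosts:\n'
    conntrack_top "$table" 5
}
```

To try it on the constructed data: `sample_table > /tmp/ct && report 65535 /tmp/ct`.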



