IPFV загадил весь лог tcpflags 0x11<FIN,ACK>

around · Непрочитанное сообщение **around** » 2015-02-02 14:29:45

Доброго времени суток, all.

С недавнего времени весь /var/log/messages загажен вот такими вот сообщениями:

Feb  2 14:22:07 tengwar kernel: TCP: [213.80.179.16]:50054 to [217.23.80.9]:80 tcpflags 0x4<RST>; syncache_chkrst: Our SYN|ACK was rejected, connection attempt aborted by remote endpoint
Feb  2 14:22:07 tengwar kernel: TCP: [188.168.232.198]:40513 to [217.23.80.9]:80 tcpflags 0x18<PUSH,ACK>; tcp_do_segment: FIN_WAIT_1: Received 52 bytes of data after socket was closed, sending RST and removing tcpcb
Feb  2 14:22:07 tengwar kernel: TCP: [213.80.200.10]:47676 to [217.23.80.9]:80 tcpflags 0x18<PUSH,ACK>; tcp_do_segment: FIN_WAIT_1: Received 188 bytes of data after socket was closed, sending RST and removing tcpcb
Feb  2 14:22:07 tengwar kernel: TCP: [213.80.200.10]:47676 to [217.23.80.9]:80 tcpflags 0x11<FIN,ACK>; syncache_expand: Segment failed SYNCOOKIE authentication, segment rejected (probably spoofed)
Feb  2 14:22:07 tengwar kernel: TCP: [188.168.233.87]:44545 to [217.23.80.9]:80 tcpflags 0x18<PUSH,ACK>; tcp_do_segment: FIN_WAIT_1: Received 94 bytes of data after socket was closed, sending RST and removing tcpcb
Feb  2 14:22:07 tengwar kernel: TCP: [213.80.200.10]:47349 to [217.23.80.9]:80 tcpflags 0x18<PUSH,ACK>; tcp_do_segment: FIN_WAIT_1: Received 188 bytes of data after socket was closed, sending RST and removing tcpcb
Feb  2 14:22:07 tengwar kernel: TCP: [188.168.233.87]:44545 to [217.23.80.9]:80 tcpflags 0x11<FIN,ACK>; syncache_expand: Segment failed SYNCOOKIE authentication, segment rejected (probably spoofed)
Feb  2 14:22:07 tengwar kernel: TCP: [213.80.200.10]:47349 to [217.23.80.9]:80 tcpflags 0x11<FIN,ACK>; syncache_expand: Segment failed SYNCOOKIE authentication, segment rejected (probably spoofed)
^C

Если в jail 217.23.80.9 остановить nginx, то продолжает гадить

Код: Выделить всё

Feb  2 14:29:00 tengwar kernel: TCP: [100.64.36.131]:2853 to [217.23.80.9]:80 tcpflags 0x2<SYN>; tcp_input: Connection attempt to closed port
Feb  2 14:29:00 tengwar kernel: TCP: [213.80.195.116]:54201 to [217.23.80.9]:80 tcpflags 0x2<SYN>; tcp_input: Connection attempt to closed port
Feb  2 14:29:00 tengwar kernel: TCP: [188.244.225.165]:50714 to [217.23.80.9]:80 tcpflags 0x2<SYN>; tcp_input: Connection attempt to closed port
Feb  2 14:29:00 tengwar kernel: TCP: [100.64.24.254]:38416 to [217.23.80.9]:80 tcpflags 0x2<SYN>; tcp_input: Connection attempt to closed port
Feb  2 14:29:00 tengwar kernel: TCP: [188.244.225.29]:34758 to [217.23.80.9]:80 tcpflags 0x2<SYN>; tcp_input: Connection attempt to closed port
Feb  2 14:29:00 tengwar kernel: TCP: [188.244.225.83]:58589 to [217.23.80.9]:80 tcpflags 0x2<SYN>; tcp_input: Connection attempt to closed port
Feb  2 14:29:00 tengwar kernel: TCP: [100.64.94.205]:49287 to [217.23.80.9]:80 tcpflags 0x2<SYN>; tcp_input: Connection attempt to closed port
Feb  2 14:29:00 tengwar kernel: TCP: [188.168.244.104]:58768 to [217.23.80.9]:80 tcpflags 0x2<SYN>; tcp_input: Connection attempt to closed port
Feb  2 14:29:00 tengwar kernel: TCP: [100.66.0.187]:50992 to [217.23.80.9]:80 tcpflags 0x2<SYN>; tcp_input: Connection attempt to closed port
Feb  2 14:29:00 tengwar kernel: TCP: [213.80.176.211]:42997 to [217.23.80.9]:80 tcpflags 0x2<SYN>; tcp_input: Connection attempt to closed port
Feb  2 14:29:00 tengwar kernel: TCP: [100.64.135.48]:50926 to [217.23.80.9]:80 tcpflags 0x2<SYN>; tcp_input: Connection attempt to closed port
^C

Подскажите, как избавиться? Иначе он мне забивает весь /var моментом...

Хостинг HostFood.ru · **Хостинг HostFood.ru**

Тарифы на хостинг в России, от 12 рублей: https://www.host-food.ru/tariffs/hosting/
Тарифы на виртуальные сервера (VPS/VDS/KVM) в РФ, от 189 руб.: https://www.host-food.ru/tariffs/virtualny-server-vps/
Выделенные сервера, Россия, Москва, от 2000 рублей (HP Proliant G5, Intel Xeon E5430 (2.66GHz, Quad-Core, 12Mb), 8Gb RAM, 2x300Gb SAS HDD, P400i, 512Mb, BBU):
https://www.host-food.ru/tariffs/vydelennyi-server-ds/
Недорогие домены в популярных зонах: https://www.host-food.ru/domains/

Alvares · Непрочитанное сообщение **Alvares** » 2015-02-02 16:53:51

logrotate не?

around · Непрочитанное сообщение **around** » 2015-02-02 17:53:37

Alvares писал(а):logrotate не?

sysctl net.inet.tcp.log_in_vain = 0
sysctl net.inet.udp.log_in_vain = 0

Как-то так... Я вообще не знаю, зачем включали логгирование пакетов...

forum.lissyara.su