Max allowed socket connections 1024 PROBLEM... (Under Debian) Pls Help


Guest Aliasspider

Hi, people...

I have a very big problem.

I first started RealmD.

MaNGOS/0.14.0 (2009-08-09 11:02:35 Revision 8342 - 7d83b1f265ac0196d5bc376ec5f958de653a13d4) for Linux_x64 (little-endian) [realm-daemon]
<Ctrl-C> to stop.

Using configuration file /opt/emu/mangos/etc/realmd.conf.
Database: xxxx;xxxx;xxxx;xxxx;realm
MySQL client library: 5.0.51a
MySQL server ver: 5.0.51a-24+lenny1
Added realm "xxxxxx".

And next I started MangosD.

WORLD: World initialized
Max allowed socket connections 1024

But I can log in to the game only for 10 seconds.

I enabled WorldLogFile = "world.log"

This file (world.log) is full within 10 seconds:

SERVER:
SOCKET: 19
LENGTH: 4
OPCODE: SMSG_AUTH_CHALLENGE (0x01EC)
DATA:
07 AF 7D 8D 


SERVER:
SOCKET: 21
LENGTH: 4
OPCODE: SMSG_AUTH_CHALLENGE (0x01EC)
DATA:
73 5B 64 67 


SERVER:
SOCKET: 22
LENGTH: 4
OPCODE: SMSG_AUTH_CHALLENGE (0x01EC)
DATA:
70 22 E0 74 


SERVER:
SOCKET: 23
LENGTH: 4
OPCODE: SMSG_AUTH_CHALLENGE (0x01EC)
DATA:
75 0F 3B C7

The end is:

SERVER:
SOCKET: 1023
LENGTH: 4
OPCODE: SMSG_AUTH_CHALLENGE (0x01EC)
DATA:
A9 C9 1C 17

I try to log in more than 10 seconds after the start. It stops on the word "Connecte"

Why is world.log full, and why can't I log in to the game...?

It's as if all the sockets were closed...

Sorry, my English is low...

omg... I do not need a tutorial... I can use iptables and vix script... My problem is max allowed socket... 10 sec after start, all sockets are open.

Right, but that most likely indicates a (D)DoS attack. Anyway - the maximum number of allowed open file descriptors can be set using ulimit for a given environment. Global settings depend on your kernel version. The file you need to check for is /proc/sys/fs/file-max, 2.6.17 and older (~ on that, I'm not sure) had /proc/sys/fs/inode-max as well, it's dynamically allocated on newer kernels.

Simply use ulimit for that and, if it isn't enough, increase file-max.

First try to use other ports for your server (for connecting there you can edit your realmlist like: "set realmlist myserver.org:1234"). I guess a DDoS wouldn't attack all ports... or?

A targeted (D)DoS will simply do a portscan ..., so if it's a real attack, it will take some effort to stop it.

I think that it's a connection flood (one of my friends already probed that on mangos with a simple script). Maybe a solution would be to make mangos close idle connections (but they can send garbage to avoid this) or to make mangos set up a max connections per IP and refuse/close any more connections from that IP... like apache (I think) does (mod_limitipconn.c I think is the module).

Everything in your post can already be done with iptables and Linux kernel limit modifications, it would be nice to have some feature like that in mangos itself, but it's really not needed .. and IMHO it's better to beat those things before they reach userspace.

You can also use classic defenses against a syn flood - like increasing TCP backlog queue, turning on syncookies, decreasing the number of ack retries and so on.
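
The limits named in the replies above (ulimit, file-max, syncookies, backlog queue, ack retries), gathered into one read-only check. This is an added example, not part of the original thread or of MaNGOS; PROC_ROOT, the function names and the thresholds are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example, read-only: reports the limits named in the thread, changes nothing.
# PROC_ROOT is a hypothetical override so the checks can be pointed at a test tree.
PROC_ROOT="${PROC_ROOT:-/proc}"

# knob <path under sys/>: print the value, or "missing" if this kernel lacks it
knob() {
    if [ -r "$PROC_ROOT/sys/$1" ]; then
        cat "$PROC_ROOT/sys/$1"
    else
        echo missing
    fi
}

# report <name> <value> <test operator> <bound>: print OK/WARN, return 1 on WARN
report() {
    case $2 in
        missing|*[!0-9]*|'') echo "WARN $1=$2 (not a number)"; return 1 ;;
    esac
    if [ "$2" "$3" "$4" ]; then
        echo "OK   $1=$2"
    else
        echo "WARN $1=$2 (want $3 $4)"; return 1
    fi
}

# audit <planned peak connections> <ulimit -n of the environment that starts mangosd>
# The bounds used here are illustrative assumptions, not values from the thread.
audit() {
    peak=$1; nofile=$2; warns=0
    need=$((peak + 64))   # headroom for log files, DB sockets and listeners
    if [ "$nofile" = unlimited ]; then
        echo "OK   nofile=unlimited"
    else
        report nofile "$nofile" -ge "$need" || warns=$((warns + 1))
    fi
    report fs.file-max "$(knob fs/file-max)" -ge "$need" || warns=$((warns + 1))
    report tcp_syncookies "$(knob net/ipv4/tcp_syncookies)" -ge 1 || warns=$((warns + 1))
    report tcp_max_syn_backlog "$(knob net/ipv4/tcp_max_syn_backlog)" -ge 1024 || warns=$((warns + 1))
    report tcp_synack_retries "$(knob net/ipv4/tcp_synack_retries)" -le 3 || warns=$((warns + 1))
    echo "warnings=$warns"
    [ "$warns" -eq 0 ]
}

# Usage, from the account that starts mangosd:  audit 2000 "$(ulimit -n)"
```

A WARN on nofile with the default of 1024 matches the "Max allowed socket connections 1024" line in the first post; raising limits only buys headroom, so the per-IP limiting in iptables mentioned above is still needed against a connection flood.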
