
Max allowed socket connections 1024 PROBLEM... (Under Debian) Pls Help



Posted

Hi. people...

I have a very big problem.

I first started RealmD.

MaNGOS/0.14.0 (2009-08-09 11:02:35 Revision 8342 - 7d83b1f265ac0196d5bc376ec5f958de653a13d4) for Linux_x64 (little-endian) [realm-daemon]
<Ctrl-C> to stop.

Using configuration file /opt/emu/mangos/etc/realmd.conf.
Database: xxxx;xxxx;xxxx;xxxx;realm
MySQL client library: 5.0.51a
MySQL server ver: 5.0.51a-24+lenny1
Added realm "xxxxxx".

And next I started MangosD

WORLD: World initialized
Max allowed socket connections 1024

But I can log in to the game for only 10 seconds.

I enabled WorldLogFile = "world.log"

Within 10 seconds this file (world.log) is full of:

SERVER:
SOCKET: 19
LENGTH: 4
OPCODE: SMSG_AUTH_CHALLENGE (0x01EC)
DATA:
07 AF 7D 8D 


SERVER:
SOCKET: 21
LENGTH: 4
OPCODE: SMSG_AUTH_CHALLENGE (0x01EC)
DATA:
73 5B 64 67 


SERVER:
SOCKET: 22
LENGTH: 4
OPCODE: SMSG_AUTH_CHALLENGE (0x01EC)
DATA:
70 22 E0 74 


SERVER:
SOCKET: 23
LENGTH: 4
OPCODE: SMSG_AUTH_CHALLENGE (0x01EC)
DATA:
75 0F 3B C7

End is:

SERVER:
SOCKET: 1023
LENGTH: 4
OPCODE: SMSG_AUTH_CHALLENGE (0x01EC)
DATA:
A9 C9 1C 17

When I log in more than 10 seconds after start, it stops at the word "Connecte"

Why is world.log full, and why can't I log in to the game...?

About as if closed all socket...

Sorry, my English is poor...

Posted

Please remove your server name from all posts.

And I think that your server can be under attack. I won't describe how it can be done, but looking into the code it seems that it can be. Also, you can use a firewall to try to block it.

Posted
I have OFF iptables and Vix script. My server dumb none security of firewall... And all along dead.

Which ports does mangos use? ... 2? (3724, 8085)?

Yep, those two. Setup a basic iptables firewall, google for tutorials.

Posted
omg... I do not need a tutorial... I can use iptables and the vix script... My problem is the max allowed sockets... 10 sec after start, all sockets are open.

Right, but that most likely indicates a (D)DoS attack. Anyway - the maximum number of allowed open file descriptors can be set using ulimit for a given environment. Global settings depend on your kernel version. The file you need to check is /proc/sys/fs/file-max; 2.6.17 and older (~ on that, I'm not sure) had /proc/sys/fs/inode-max as well, it's dynamically allocated on newer kernels.

Simply use ulimit for that and, if it isn't enough, increase file-max.

Posted

First try to use other ports for your server (for connecting there you can edit your realmlist like: "set realmlist myserver.org:1234"). I guess a DDoS wouldn't attack all ports.. or?

Posted
First try to use other ports for your server (for connecting there you can edit your realmlist like: "set realmlist myserver.org:1234"). I guess a DDoS wouldn't attack all ports.. or?

A targeted (D)DoS will simply do a portscan ..., so if it's a real attack, it will take some effort to stop it.

Posted

I think that it's a connection flood (one of my friends already probed that on mangos with a simple script). Maybe a solution would be to make mangos close idle connections (but they can send garbage to avoid this) or make mangos set up a max connections per IP and refuse/close any more connections from that IP... like Apache (I think) does (mod_limitipconn.c I think is the module).

Posted
I think that it's a connection flood (one of my friends already probed that on mangos with a simple script). Maybe a solution would be to make mangos close idle connections (but they can send garbage to avoid this) or make mangos set up a max connections per IP and refuse/close any more connections from that IP... like Apache (I think) does (mod_limitipconn.c I think is the module).

Everything in your post can already be done with iptables and Linux kernel limit modifications, it would be nice to have some feature like that in mangos itself, but it's really not needed .. and IMHO it's better to beat those things before they reach userspace.

You can also use classic defenses against a syn flood - like increasing TCP backlog queue, turning on syncookies, decreasing the number of ack retries and so on.
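
Added example, not written by any poster in this thread: a way to check the connection-flood theory before tuning limits, by counting TCP connections per remote address on the two MaNGOS ports named above (3724 and 8085). The function names, the threshold and the sample addresses are constructed for illustration, and the input is assumed to have the column layout of `netstat -tn`.

```shell
#!/bin/sh
# Ports named in the thread: 3724 (realmd) and 8085 (mangosd).
MANGOS_PORTS="3724 8085"

# flood_suspects LIMIT
# Reads `netstat -tn` output on stdin and prints "count address" for every
# remote address holding more than LIMIT connections to the MaNGOS ports,
# highest count first.
flood_suspects() {
    awk -v limit="$1" -v ports="$MANGOS_PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 !~ /^tcp/ { next }                  # skip the netstat header lines
        {
            lport = $4; sub(/^.*:/, "", lport) # local port = text after last colon
            if (!(lport in want)) next         # ignore ssh, mysql, etc.
            peer = $5; sub(/:[0-9]+$/, "", peer)  # drop the remote port
            count[peer]++
        }
        END { for (ip in count) if (count[ip] > limit + 0) print count[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample in `netstat -tn` layout (documentation address ranges).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:8085         198.51.100.7:40001      ESTABLISHED
tcp        0      0 192.0.2.10:8085         198.51.100.7:40002      ESTABLISHED
tcp        0      0 192.0.2.10:8085         198.51.100.7:40003      ESTABLISHED
tcp        0      0 192.0.2.10:3724         198.51.100.7:40004      ESTABLISHED
tcp        0      0 192.0.2.10:22           198.51.100.7:40005      ESTABLISHED
tcp        0      0 192.0.2.10:8085         203.0.113.5:51000       ESTABLISHED
tcp        0      0 192.0.2.10:3724         203.0.113.5:51001       ESTABLISHED
EOF
}

# Demo on the constructed sample; prints "4 198.51.100.7".
sample_netstat | flood_suspects 3
```

On a live server the input would be `netstat -tn | flood_suspects 10`. If one address dominates the output, the same per-address cap can be enforced before the traffic reaches mangosd with the iptables `connlimit` match.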
