
"Possible SYN flooding on port 8889. Sending cookies" message on Odroid-HC1

Open houdini69 opened this issue 6 years ago • 9 comments

rpi-monitor is running on port 8889 and I get a lot of these messages in dmesg: TCP: request_sock_TCP: Possible SYN flooding on port 8889. Sending cookies. Check SNMP counters. How can I avoid that?

houdini69 avatar Apr 11 '18 18:04 houdini69

Same for me. I'm absolutely sure that no one is flooding in my local network.

Yury-MonZon avatar Apr 30 '18 00:04 Yury-MonZon

I can confirm that. Mine is running on port 8888 on Raspbian and I get the same message. I have to reload pages multiple times before they load correctly (start page, statistics page).

This is very annoying. Any ideas on how to fix that?

dideldumthecat avatar Aug 08 '18 06:08 dideldumthecat

I think I have found the problem with some tests on my RaspberryPi 3B and RaspberryPi B+ with RPi-Monitor version 2-12-r0. It's the same for the latest version (2-13).

The Perl script located at /usr/bin/rpimonitord, line 575, doesn't contain the Listen argument that defines the queue size. By default it's 5 according to the CPAN Perl documentation; that is about the IO::Socket::INET module, but RPi-Monitor uses HTTP::Daemon, which depends on it.

Correction

(RPi-Monitor version 2-12-r0)

sudo vi +555 /usr/bin/rpimonitord
  • add the line below
Listen => SOMAXCONN,

after

$this->{'server'} = new HTTP::Daemon ( ReuseAddr => 1,
  • Restart RPi-Monitor

sudo systemctl restart rpimonitor.service

Before

ss -nl '( sport = :8888 )'
Netid  State      Recv-Q Send-Q                                                 Local Address:Port                                                   Peer Address:Port 
tcp    LISTEN     0      5                                                                  *:8888                                                              *:*

After

ss -nl '( sport = :8888 )'
Netid  State      Recv-Q Send-Q                                                 Local Address:Port                                                   Peer Address:Port 
tcp    LISTEN     0      128                                                                *:8888                                                              *:*     

Now you can test the web UI and see if the error still occurs:

dmesg -T | grep request_sock_TCP
[mer. janv.  2 21:52:04 2019] TCP: request_sock_TCP: Possible SYN flooding on port 8888. Sending cookies.  Check SNMP counters.

If you want to know the maximum queue size on your system, you can type:

perl -MSocket -le 'print SOMAXCONN' 
128

Another solution is to run RPi-Monitor behind a reverse proxy like Apache or Nginx (and it's better for security, as the documentation says). Apache doesn't have this problem because by default the queue length is 128:

ss -nl '( sport = :80 )'
Netid  State      Recv-Q Send-Q                                                 Local Address:Port                                                   Peer Address:Port 
tcp    LISTEN     0      128                                                                *:80                                                                *:*

@dideldumthecat @Yury-MonZon and @houdini69 can you confirm whether this corrects the issue?

Leepic avatar Jan 02 '19 21:01 Leepic
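
The two things this thread looks at, the Send-Q column of ss for a listening socket and the SNMP counters the kernel message points to, can be checked together. The script below is an added example, not part of the thread or of RPi-Monitor; its function names and both sample inputs are constructed, and it assumes the Linux TcpExt counter names SyncookiesSent, ListenOverflows and ListenDrops.

```sh
#!/bin/sh
# Added example, not RPi-Monitor code. Both sample inputs are constructed.

# stdin: `ss -nl` output with the Netid column, as shown in the thread.
# Prints "port backlog" for TCP listeners whose backlog (Send-Q on a
# LISTEN socket) is below $1.
small_backlog_listeners() {
    awk -v min="$1" '
        $1 == "tcp" && $2 == "LISTEN" && $4 + 0 < min + 0 {
            n = split($5, a, ":")    # "*:8888" or "[::]:80" -> last field
            print a[n], $4
        }'
}

# stdin: /proc/net/netstat text, which pairs a line of counter names with
# a line of values. Prints the TcpExt counter named $1, or nothing.
tcpext_counter() {
    awk -v want="$1" '
        $1 == "TcpExt:" && !seen {
            for (i = 2; i <= NF; i++) col[$i] = i
            seen = 1; next
        }
        $1 == "TcpExt:" { if (want in col) print $(col[want]); exit }'
}

sample_ss() {
    cat <<'EOF'
Netid  State      Recv-Q Send-Q  Local Address:Port  Peer Address:Port
tcp    LISTEN     0      5                   *:8888             *:*
tcp    LISTEN     0      128                 *:80               *:*
EOF
}

sample_netstat() {   # real files carry many more columns
    cat <<'EOF'
TcpExt: SyncookiesSent SyncookiesRecv SyncookiesFailed ListenOverflows ListenDrops
TcpExt: 42 40 2 17 17
EOF
}

report() {           # $1 = smallest backlog considered acceptable
    for c in SyncookiesSent ListenOverflows ListenDrops; do
        echo "$c=$(sample_netstat | tcpext_counter "$c")"
    done
    sample_ss | small_backlog_listeners "$1" | while read -r port backlog; do
        echo "port $port: backlog $backlog is below $1"
    done
}

report 128
```

On a live host, pipe `ss -nl` into `small_backlog_listeners` and redirect `/proc/net/netstat` into `tcpext_counter` instead of using the samples.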

@Leepic : Great stuff, I can confirm that your fix works for me with version 2.12-r0 on Raspbian! Now all pages load and reload without errors. Thanks!

On a side note, I had to use sudo vi +555 /usr/bin/rpimonitord, as the file was located in /usr/bin rather than /usr/sbin.

dideldumthecat avatar Jan 03 '19 07:01 dideldumthecat

@dideldumthecat thank you for your answer. I updated my previous comment following your note. I will submit a pull request soon if all is okay :-).

Leepic avatar Jan 03 '19 13:01 Leepic

Here is the pull request: #247

Leepic avatar Jan 03 '19 21:01 Leepic

@houdini69 this issue is resolved in the develop branch, so can you close this issue? Thanks.

Leepic avatar Jul 20 '19 22:07 Leepic

I keep seeing this issue every day or two - Possible SYN flooding on port 8888, on Raspbian Stretch on Raspberry Pi 3B: Linux Carl 4.19.66-v7+ #1253 SMP Thu Aug 15 11:49:46 BST 2019 armv7l GNU/Linux

With respect to:

sudo vi +555 /usr/bin/rpimonitord

Is it ok to edit with nano?

sudo nano /usr/bin/rpimonitord

(What is the +555 for in the vi command?)

slowrunner avatar Sep 16 '19 21:09 slowrunner

> Is it ok to edit with nano?

Doesn't matter.

> What is the +555 for in the vi command?

Vi then jumps straight to line 555.

SuperSandro2000 avatar Sep 17 '19 06:09 SuperSandro2000