Find the answer to your Linux question:
Results 1 to 5 of 5
This one isn't so much about how to protect a server, but rather why a specific user is tripping the port flood rule. I use csf on the server, and ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Linux Engineer
    Join Date
    Mar 2005
    Location
    Where my hat is
    Posts
    766

    User tripping port flood rules in csf


    This one isn't so much about how to protect a server, but rather why a specific user is tripping the port flood rule. I use csf on the server, and port 80 is set to: 80;tcp;20;5 (20 connections within 5 seconds).

    The user is using XP and Firefox. He's an elderly gentleman and has been a member of the site for many, many years. So anything overtly malicious on his part is ruled out.

    What I'm trying to figure out is why he's tripping this rule, and what could be on his machine that causes this behavior, whether it's a Firefox addon or something else. Has anyone else run across something like this?
    Registered Linux user #384279
    Vector Linux SOHO 7

  2. #2
    Linux Enthusiast Mudgen's Avatar
    Join Date
    Feb 2007
    Location
    Virginia
    Posts
    664
    Have not run across this, but any chance someone may have been in his about:config and changed any of the network.http.* settings? Especially network.http.pipelining, which defaults to false? If you turned that on and upped network.http.pipelining.maxrequests up to 30 from the default 4 it could do what you're seeing, and there are Firefox tweaking guides out there that suggest doing this to speed up the browser.

  3. #3
    Linux Engineer rcgreen's Avatar
    Join Date
    May 2006
    Location
    the hills
    Posts
    1,134
    It might be Fasterfox

    Dynamic speed increases can be obtained with the unique prefetching mechanism, which recycles idle bandwidth by silently loading and caching all of the links on the page you are browsing.
    https://addons.mozilla.org/en-US/firefox/addon/1269/

  4. #4
    Linux Engineer
    Join Date
    Mar 2005
    Location
    Where my hat is
    Posts
    766
    We've narrowed it down to his modem/router combination. He gave me a key indicator yesterday when he mentioned his laptop running IE also was having issues hitting the site. I'm pouring over the documentation for his modem/router combo to see if there's anything in those settings that would trip anything up.

    Strange thing is, up to a few weeks ago, he wasn't having issues. I upgraded csf a couple of weeks ago, and I suspect there may be a corelation there.

    Still digging into this one.
    Registered Linux user #384279
    Vector Linux SOHO 7

  5. #5
    Linux Enthusiast Mudgen's Avatar
    Join Date
    Feb 2007
    Location
    Virginia
    Posts
    664
    Sounds like a good component isolation. Please do post back if you figure it out. If I can't help, I'd like to learn something.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •