- Posts: 198
- Thank you received: 1
TCP_Timestamp
13 years 2 months ago - 13 years 2 months ago #37482
by Dove
Dove
TCP_Timestamp was created by Dove
Hi
We have hosted a website using ReHad 5.2 and Apache Foundation. This was working fine but all of sudden the performance dropped and it takes 90secs to load the page.
We did various investigations in Network devices like Cisco CSM, Juniper Firewall, Cisco FWSM etc.. and did packet capture and found the Apache server is not responding for SYN request from client. After we did google and found an option saying disable the TCP_Timestamp.
As soon as we did the tcp_timestamp off in Apache server, the website performance returned to normal...!!!
Is anyone faced this kind of issue? Any idea why all of sudden Server created this problem? Do we need to install any patch? Is it a bug in Linux?
Please advice...
Thanks in Advance for you help
We have hosted a website using ReHad 5.2 and Apache Foundation. This was working fine but all of sudden the performance dropped and it takes 90secs to load the page.
We did various investigations in Network devices like Cisco CSM, Juniper Firewall, Cisco FWSM etc.. and did packet capture and found the Apache server is not responding for SYN request from client. After we did google and found an option saying disable the TCP_Timestamp.
As soon as we did the tcp_timestamp off in Apache server, the website performance returned to normal...!!!
Is anyone faced this kind of issue? Any idea why all of sudden Server created this problem? Do we need to install any patch? Is it a bug in Linux?
Please advice...
Thanks in Advance for you help
Dove
Last edit: 13 years 2 months ago by Dove.
13 years 2 months ago #37483
by Chris
Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx
Replied by Chris on topic Re: TCP_Timestamp
TCP Timestamps normally add around 12 bytes to the TCP header if I remember correctly, thus increasing the overhead, but it also a good idea to disable them in the system (IPv4) as they are relative to real time and a hacker could potentially figure the time since the system's last rebooted.
I don't know though how it would impact the server's performance to the point you are describing, unless the system was under attack; Did you manage to see if there were hundreds of connections to the server - something that would indicate hackers were trying to use this exploit-security hole?
I don't know though how it would impact the server's performance to the point you are describing, unless the system was under attack; Did you manage to see if there were hundreds of connections to the server - something that would indicate hackers were trying to use this exploit-security hole?
Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx
13 years 1 month ago #37487
by Dove
Dove
Replied by Dove on topic Re: TCP_Timestamp
Hi Chris
These are webservers, normally they would have about 1000-2000 connections. I don't see increase in number of connections....
Is there any other way to check whether these webservers were under attack?
Thanks
Mahendra
These are webservers, normally they would have about 1000-2000 connections. I don't see increase in number of connections....
Is there any other way to check whether these webservers were under attack?
Thanks
Mahendra
Dove
Time to create page: 0.127 seconds