What to do about high Conntrack Sessions?

Conntrack is a listing that a server uses to keep track of all incoming and outgoing connections to a server. For a normal server with a typical amount of traffic, a number below 10,000 conntrack is typical. Depending on what you are doing on a server, this number may reach 10,000 and slightly higher, but that is all.

If you are wondering what your active amount of conntrack sessions are your server are at any given time, you may do so via the following command

cat /proc/net/nf_conntrack

If your VPS was suspended, that was because it passed the threshold of 30,000 conntrack sessions. This is to prevent abuse from any particular VPS on the Node, and to help ensure that all other users in the system have a responsive and working VPS.

If your VPS is suspended, and you are not sure how your VPS has this many conntrack sessions, it is likely that your VPS has been access maliciously, and is being used for other purposes than what you have set it up for.

In this circumstance, we recommend the following
-Change the root password immediately
-Disable password logins for all users via the /etc/ssh/sshd_config and only allow public_key authentication
-Run 'top' and look if any non-standard programs are running that you are not familiar with
--a good example of a non-standard program is one that does not look like a normal name. We have seen groups of five programs with names like 'dmsFZqnoz13z' which run for 10 seconds, and then switch to a new random string to prevent you from removing them

How to Manually Limit Conntrack Sessions
On a Linux server, you can run the following command to limit the max number of conntrack sessions

/sbin/sysctl -w net.netfilter.nf_conntrack_max = 29000

This will limit the max number of conntrack sessions that your VPS is allowed to 29000, which is below the threshold.

This setting will last until a reboot. You can make this setting permanent through the following command

echo net.ipv4.netfilter.ip_conntrack_max = 29000 >> /etc/sysctl.conf

This should resolve your conntrack sessions with us. As a result, your server will not be suspended, but you may still run into hosting issues due to limitation.

If your conntrack sessions stay at a constant 29000, you are most likely undergoing an attack on your server.

Please open a ticket, and submit an e-mail to support@ftpit.com if that is the case so that we can assist you in resolving the issue.

If your VPS is suspended, or offline, because of high conntrack sessions, submit a ticket, or access us using live chat, and we will work with you to get your VPS back up and running.

If you are wondering if you can track conntrack sessions, you can with a variety of packages that are helpful for this. One such tool is conntrack-tools. We advise using the following link and installing it on your VPS.

You may read more about it here...
http://xmodulo.com/how-to-count-the-number-of-open-network-connections-on-linux.html
  • 111 Users Found This Useful
Was this answer helpful?

Related Articles

Do you offer 24x7 support?

While we do not have support staff sitting at a PC 24 hours a day 7 days a week, we do have a...

What disk types you offer?

We offer different disk types for the locations as follows:OpenVZ VPS:Buffalo, NY:HDD SSDChicago,...

Can I request a custom plan?

Of course! Contact our sales team and we can create a special plan that fits for your needs. Just...

How do I order more IPs?

If you need several additional IPs, please open a ticket with our Billing department. We will...