2025-07-21: We have updated our Privacy Policy. Thanks to Vietnamese blackhat SEO wannabe DDoS:ing forums with Russian malware developed by Aleksandr Ryanchenko (Александр Рябченко) aka Alexandru Robu for automatic registrations and spam posts, this forum is now manually moderated to ban clueless script kiddies.

SOLVED: How to disable tcp-keepalive persistently in Debian?

Installing, configuring, maintaining and designing operating systems
s
Posts: 376
Joined: 2017-7-5 09:58

Post by s » 2025-6-8 05:39

A horde of spam bots tried to register, post and reply to topics on this forum. The result resembled DDoS attack consuming excessive amount of CPU cycles and network traffic. One of the side-effects reminded me of Slowloris Cyber Attack where the attacker floods the target web server with unfinished requests and tries to keep them open as long as possible. SOLVED: How to disable tcp-keepalive completely and permanently in Debian? Web servers keepalive settings and TCP keepalive enable the attack. My webserver was not particularly affected by that but the OS was. Or more precisely MariaDB that turned on the TCP keepalive that is normally disabled in Debian. If you are running MariaDB locally and without any network connections, enabling TCP keeplive for it makes no sense.

WARNING: SSHD uses but does not require TCP keepalive

If you disable tcp-keepalive, ssh will disconnect immediately. Unless you have physical access to your server or a recovery console, you will not be able to re-connect using ssh. SSHD does not need TCP keepalive to keep the connections alive although it is enabled by default.

You can disable TCP keepalive dependency by adding to your SSHD config

Code: Select all

sudo nano /etc/ssh_config
this line

Code: Select all

TCPKeepAlive no
and then reloading configuration

Code: Select all

sudo systemctl reload sshd
Make sure to do this before you disable TCP keepalive.

How to turn TCP keepalive off completely and permanently in Debian?

Before disabling TCP keepalive you must check carefully if there are any software that requires it.

To disable TCP keepalive you need to add settings to your sysconf configuration file to make the configuration persistent:

Code: Select all

sudo nano /etc/sysctl.conf
Add to the file the following lines:

Code: Select all

net.ipv4.tcp_keepalive_time=0
net.ipv4.tcp_keepalive_intvl=0
net.ipv4.tcp_keepalive_probes=0
Load the new settings so that they take effect:

Code: Select all

sudo sysctl -p
To learn the specifics how TCP keepalive works and what this configuration means, read TCP Keepalive HOWTO.

Happy hacking,

s


Top
s
Posts: 376
Joined: 2017-7-5 09:58

Post by s » 2025-7-25 03:45

One more thing. When you are opening ssh-connections to other servers that have TCP keepalive on, you need to add the following option to ssh command:

Code: Select all

-o TCPKeepAlive=no
Otherwise the connection to other servers will disconnect immediately.

To avoid timeouts, you can set manually timeout in seconds:

Code: Select all

-o ConnectTimeout=3600
Both options can be set in ssh-config file:

Code: Select all

TCPKeepAlive no
ConnectTimeout 3600
So far I have not noticed any other issues arising from eliminating tcp-keepalive and Slowloris DDoS cyber attacks have stopped.


Last bumped by s on 2025-7-25 03:45.
Top

Return to “Operating systems”