Raspberry Pi 4 Real World Tests

The Raspberry Pi 4 was launched on 24th June and has been well received, to say the least. The spec is a big step up on previous models. It has 4 CPU cores like the Pi 2, a gigabit port like the Pi 3, plus USB 3, a better SoC, a separated bus architecture, faster memory and more of it.

Over the years, many “home” devices have been launched with Gigabit Ethernet, promising lightning fast network speeds, only to disappoint due to their lack of overall grunt. The Linkstation Live, the Sheevaplug and, to a lesser extent the Pi 3 are all on that category, unable to push their gigabit ports to more than about 14, 8 and 12 megabytes/sec respectively, due to the limitations of the CPU and the board. Is the Pi 4 the same, or can it operate as a serious NAS ?

Short answer: Yes. The Pi 4 is a *serious* NAS contender. Sustained write speeds of over 68 MB/s were obtained, and over 105 MB/s for reading, including saturation of the Gigabit network. Yes, the Pi 4 can push even a 1000 MB/s network to 100%.

Continue reading

How to Protect a LAMP Server Against nf_conntrack Flood Attacks

An AWS hosted website went offline at 02:00 this morning. It was running on a t2.nano Debian 9 instance. I was unable to log into the affected server, and a reboot was the only available course of action. Logging in and checking the logs afterwards revealed thousands of errors like this in the kernel log file, from 2:00 AM onward:

nf_conntrack: nf_conntrack: table full, dropping packet

The cause was a denial of service attack, coming from a couple of IP addresses seemingly in Iran. However, it was a little unusual for a couple of reasons. This article explains more about the attack vector and presents a solution to guard against future attacks. (In summary: block IP addresses, tune the kernel).

Continue reading