Re: DoS attack against TCP services

To: current-users%netbsd.org@localhost
Subject: Re: DoS attack against TCP services
From: christos%astron.com@localhost (Christos Zoulas)
Date: Wed, 4 Feb 2015 15:40:00 +0000 (UTC)

In article <Pine.NEB.4.64.1502041602460.812%6bone.informatik.uni-leipzig.de@localhost>,
 <6bone%6bone.informatik.uni-leipzig.de@localhost> wrote:
>Hello,
>
>The problem occurred again. The kernel has over 3,000 connections in 
>TIME_WAIT state. The compounds are after an hour wait not disappeared. 
>There are more and more connections in the TIME_WAIT state. My settings 
>are:
>
>net.inet.tcp.mslt.enable = 1
>net.inet.tcp.mslt.loopback = 2
>net.inet.tcp.mslt.local = 10
>net.inet.tcp.mslt.remote = 60
>net.inet.tcp.mslt.remote_threshold = 6
>
>The last few times I have restarted the server in order to solve the 
>problem. Frequent reboots but very inconvenient for a server.
>
>Does anyone have instructions what information I can still gather to post 
>a bug report? The statement "connections in the TIME_WAIT status are not 
>degraded" are probably not sufficient to find the problem.
>
>
>Thank you for your efforts

Can you find what daemon/process is being connected to and from where?

christos

Follow-Ups:
- Re: DoS attack against TCP services
  - From: 6bone

References:
- DoS attack against TCP services
  - From: 6bone
- Re: DoS attack against TCP services
  - From: Johnny Billquist
- Re: DoS attack against TCP services
  - From: Michael van Elst
- Re: DoS attack against TCP services
  - From: 6bone

Prev by Date: Re: blacklistd is now available for current (comments?)
Next by Date: Re: DoS attack against TCP services
Previous by Thread: Re: DoS attack against TCP services
Next by Thread: Re: DoS attack against TCP services
Indexes:

Home | Main Index | Thread Index | Old Index