Date: Wed, 4 Feb 2015 15:40:00 +0000 (UTC)
From: Christos Zoulas <christos%astron.com@localhost>
To: current-users%netbsd.org@localhost
Subject: Re: DoS attack against TCP services
In article
<Pine.NEB.4.64.1502041602460.812%6bone.informatik.uni-leipzig.de@localhost>,
<6bone%6bone.informatik.uni-leipzig.de@localhost> wrote:
Hello,
The problem occurred again. The kernel has over 3,000 connections in
TIME_WAIT state. The compounds are after an hour wait not disappeared.
There are more and more connections in the TIME_WAIT state. My settings
are:
net.inet.tcp.mslt.enable = 1
net.inet.tcp.mslt.loopback = 2
net.inet.tcp.mslt.local = 10
net.inet.tcp.mslt.remote = 60
net.inet.tcp.mslt.remote_threshold = 6
The last few times I have restarted the server in order to solve the
problem. Frequent reboots but very inconvenient for a server.
Does anyone have instructions what information I can still gather to
post
a bug report? The statement "connections in the TIME_WAIT status are not
degraded" are probably not sufficient to find the problem.
Thank you for your efforts
Can you find what daemon/process is being connected to and from where?
christos