Date:      Mon, 1 Oct 2007 17:34:40 -0500
From:      "Jamie Ostrowski" <jamie.ostrowski@gmail.com>
To:        freebsd-net@freebsd.org
Subject:   Too many TIME_WAIT connections
Message-ID:  <29ae62fc0710011534u7b14d4cdp290c537b33ce79da@mail.gmail.com>

   Hello -

   I've got a mailserver running FreeBSD 4.11 and Sendmail 8.13 that has
been running as a mailserver for a couple of years without any
load/connection problems. Here are my memory stats:
Mem: 71M Active, 265M Inact, 96M Wired, 24M Cache, 60M Buf, 36M Free
Swap: 2048M Total, 760K Used, 2047M Free

Then all of a sudden we started experiencing dropped connections even though
the load average is generally around 2.0 or less.

  I found the problem today: there are currently 1300 socket connections
suspended at status TIME_WAIT on the incoming SMTP port.

  I checked some of my kernel settings:

  kern.ipc.somaxconn = 128
  net.inet.tcp.msl: 30000

  I suspect this is a DoS attack: they're just opening these connections
and then letting them hang there, and they don't close them, so they just
build up and the machine rejects new connections.

  Based on my configuration, does anyone have some suggestions on how I
might tweak the system to overcome this (apparent?) DoS attack?


   Many thanks,


  - Jamie
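
Added example, not part of the original message: one way to see what the sockets on the SMTP port are doing is to tally `netstat -an` output by TCP state and by remote address. The function names and sample lines are constructed for illustration; `closes_per_sec` relies on FreeBSD holding a TIME_WAIT entry for twice net.inet.tcp.msl, so a count can be read as a connection-close rate.

```shell
#!/bin/sh
# Added example (not from the original message). Assumes FreeBSD `netstat -an`
# columns: proto recv-q send-q local foreign state, port after the last dot.

# state_counts PORT: read netstat lines on stdin, print "STATE count" per state.
state_counts() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && NF == 6 {
            p = $4; sub(/.*\./, "", p)            # local port
            if (p == port) count[$6]++
        }
        END { for (s in count) print s, count[s] }' | sort
}

# top_peers PORT STATE: print "count address" per remote host, busiest first.
top_peers() {
    awk -v port="$1" -v state="$2" '
        $1 ~ /^tcp/ && NF == 6 && $6 == state {
            p = $4; sub(/.*\./, "", p)
            if (p != port) next
            peer = $5; sub(/\.[0-9]+$/, "", peer)  # drop remote port
            seen[peer]++
        }
        END { for (a in seen) print seen[a], a }' | sort -k1,1nr -k2,2
}

# closes_per_sec COUNT MSL_MS: closes per second that sustain COUNT TIME_WAIT
# entries when each entry lives for 2 * MSL.
closes_per_sec() {
    awk -v n="$1" -v msl="$2" 'BEGIN { printf "%.1f\n", n / (2 * msl / 1000) }'
}

# Constructed sample in FreeBSD netstat layout (documentation addresses).
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  *.25                   *.*                    LISTEN
tcp4       0      0  192.0.2.10.25          198.51.100.7.51234     TIME_WAIT
tcp4       0      0  192.0.2.10.25          198.51.100.7.51240     TIME_WAIT
tcp4       0      0  192.0.2.10.25          198.51.100.7.51302     TIME_WAIT
tcp4       0      0  192.0.2.10.25          203.0.113.44.40112     TIME_WAIT
tcp4       0      0  192.0.2.10.25          203.0.113.9.33871      ESTABLISHED
tcp4       0      0  192.0.2.10.25          203.0.113.80.1025      SYN_RCVD
tcp4       0      0  192.0.2.10.22          203.0.113.5.50022      ESTABLISHED
EOF
}

sample_netstat | state_counts 25         # live: netstat -an | state_counts 25
sample_netstat | top_peers 25 TIME_WAIT
closes_per_sec 1300 30000                # the count and MSL from the message
```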


