From: "Jamie Ostrowski" <jamie.ostrowski@gmail.com>
To: freebsd-net@freebsd.org
Date: Mon, 1 Oct 2007 17:34:40 -0500
Subject: Too many TIME_WAIT connections
List-Id: Networking and TCP/IP with FreeBSD

Hello -

I've got a mailserver running FreeBSD 4.11 and Sendmail 8.13 that has been running as a mailserver for a couple of years without any load/connection problems. Here are my memory stats:

Mem: 71M Active, 265M Inact, 96M Wired, 24M Cache, 60M Buf, 36M Free
Swap: 2048M Total, 760K Used, 2047M Free

Then all of a sudden we started experiencing dropped connections even though the load average is generally around 2.0 or less.

I found the problem today: there are currently 1300 socket connections suspended at status TIME_WAIT on the incoming smtp port. I checked some of my kernel settings:

kern.ipc.somaxconn = 128
net.inet.tcp.msl: 30000

I suspect this is a DoS attack: they're just opening these connections and then letting them hang there; they don't close them, so they just build up and the machine rejects new connections.

Based on my configuration, does anyone have some suggestions on how I might tweak the system to overcome this (apparent?) DoS attack?

Many thanks,

- Jamie
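An added triage script, not part of the thread, for the situation Jamie describes: it parses FreeBSD-style `netstat -an` output to count sockets on the SMTP port by state, groups the TIME_WAIT sockets by remote host (one dominant peer versus many ordinary senders), and converts a TIME_WAIT count plus `net.inet.tcp.msl` into the connection rate it implies, since a socket sits in TIME_WAIT for 2*MSL. The `netstat` lines are a constructed sample; on a real host replace `SAMPLE` with the live command output.

```shell
#!/bin/sh
# Added triage helper (not from the thread). Parses FreeBSD-style `netstat -an`
# output; SAMPLE below is a constructed stand-in for the live command's output.
SAMPLE='Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  192.0.2.10.25          198.51.100.7.40211     TIME_WAIT
tcp4       0      0  192.0.2.10.25          198.51.100.7.40212     TIME_WAIT
tcp4       0      0  192.0.2.10.25          198.51.100.7.40213     TIME_WAIT
tcp4       0      0  192.0.2.10.25          203.0.113.9.51002      ESTABLISHED
tcp4       0      0  192.0.2.10.25          203.0.113.9.51003      TIME_WAIT
tcp4       0      0  192.0.2.10.22          203.0.113.44.60001     ESTABLISHED
tcp4       0      0  *.25                   *.*                    LISTEN'

# Emit the sample (swap in `netstat -an` here on a real host).
conns() { printf '%s\n' "$SAMPLE"; }

# state_counts PORT: number of TCP sockets on local port PORT, per state.
state_counts() {
    conns | awk -v port="$1" '
        $1 ~ /^tcp/ && $4 ~ ("[.]" port "$") { n[$6]++ }
        END { for (s in n) printf "%s %d\n", s, n[s] }' | sort
}

# time_wait_by_peer PORT: TIME_WAIT sockets on PORT grouped by remote host,
# busiest first. One host dominating points at a single source; many hosts
# with a few each looks like ordinary mail traffic.
time_wait_by_peer() {
    conns | awk -v port="$1" '
        $1 ~ /^tcp/ && $4 ~ ("[.]" port "$") && $6 == "TIME_WAIT" {
            host = $5; sub(/\.[0-9]+$/, "", host); n[host]++ }
        END { for (h in n) printf "%d %s\n", n[h], h }' | sort -rn
}

# time_wait_rate COUNT MSL_MS: connections per second implied by COUNT sockets
# in TIME_WAIT, each staying there for 2*MSL (net.inet.tcp.msl is in ms).
time_wait_rate() {
    awk -v n="$1" -v msl="$2" 'BEGIN { printf "%.2f\n", n / (2 * msl / 1000) }'
}

state_counts 25
time_wait_by_peer 25
time_wait_rate 1300 30000   # the poster's figures: 1300 sockets, msl 30000 ms
```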