Date: Mon, 1 Oct 2007 18:06:32 -0700
From: "Kip Macy" <kip.macy@gmail.com>
To: "Jamie Ostrowski" <jamie.ostrowski@gmail.com>
Cc: freebsd-net@freebsd.org, Alfred Perlstein <alfred@freebsd.org>
Subject: Re: Too many TIME_WAIT connections
Message-ID: <b1fa29170710011806g4a82daa8wfabf191005c8019e@mail.gmail.com>
In-Reply-To: <29ae62fc0710011804j395815ccy47951aee4e2092a6@mail.gmail.com>
References: <29ae62fc0710011534u7b14d4cdp290c537b33ce79da@mail.gmail.com> <20071002000755.GQ53439@elvis.mu.org> <29ae62fc0710011804j395815ccy47951aee4e2092a6@mail.gmail.com>
On 10/1/07, Jamie Ostrowski <jamie.ostrowski@gmail.com> wrote:
> That's a good idea, but in this particular arrangement we've
> firewalled off all other smtp connections except for a certain small
> range which comes through Postini. All these connections on the
> machine run through the Postini machines, so we can't firewall them
> off.

If all your connections are local you can safely reduce the MSL.

-Kip

> Any other suggestions? If not, we'll tweak msl.
>
> On 10/1/07, Alfred Perlstein <alfred@freebsd.org> wrote:
> > * Jamie Ostrowski <jamie.ostrowski@gmail.com> [071001 16:02] wrote:
> > > Hello -
> > >
> > > I've got a mailserver running FreeBSD 4.11 and Sendmail 8.13 that has
> > > been running as a mailserver for a couple of years without any
> > > load/connection problems. Here are my memory stats:
> > > Mem: 71M Active, 265M Inact, 96M Wired, 24M Cache, 60M Buf, 36M Free
> > > Swap: 2048M Total, 760K Used, 2047M Free
> > >
> > > Then all of a sudden we started experiencing dropped connections even though
> > > the load average is generally around 2.0 or less.
> > >
> > > I found the problem today: there are currently 1300 socket connections
> > > suspended at status TIME_WAIT on the incoming smtp port.
> > >
> > > I checked some of my kernel settings:
> > >
> > > kern.ipc.somaxconn = 128
> > > net.inet.tcp.msl: 30000
> > >
> > > I suspect this is a dos attack: they're just opening these connections,
> > > and then let them hang there and they don't close them, so they just build
> > > up and the machine rejects new connections.
> > >
> > > Based on my configuration, does anyone have some suggestions on how I
> > > might tweak the system to overcome this (apparent?) DOS attack?
> >
> > You can tweak msl, but it probably makes more sense to use some form
> > of firewall, ipfw, ipfilter, pf, etc on the box.
> >
> > you can use netstat to see the remote addresses, just block them.
> >
> > --
> > - Alfred Perlstein
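An added example, not from this thread or from FreeBSD, of the netstat review Alfred suggests: it tallies TIME_WAIT sockets on the SMTP port per remote host so the addresses can be checked before deciding between a firewall rule and an MSL change. The netstat lines below are a constructed sample in FreeBSD's `a.b.c.d.port` format; on the real box pipe `netstat -an -f inet -p tcp` into the function instead.

```shell
#!/bin/sh
# Constructed sample of `netstat -an -f inet -p tcp` output (FreeBSD style);
# replace with the live command on the mail server.
SAMPLE='Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  192.0.2.10.25          198.51.100.7.40001     TIME_WAIT
tcp4       0      0  192.0.2.10.25          198.51.100.7.40002     TIME_WAIT
tcp4       0      0  192.0.2.10.25          198.51.100.7.40003     TIME_WAIT
tcp4       0      0  192.0.2.10.25          203.0.113.5.51000      TIME_WAIT
tcp4       0      0  192.0.2.10.25          203.0.113.5.51001      ESTABLISHED
tcp4       0      0  192.0.2.10.22          203.0.113.9.60000      TIME_WAIT
tcp4       0      0  *.25                   *.*                    LISTEN'

# timewait_by_peer PORT [THRESHOLD]: reads netstat output on stdin and prints
# "count address" for every remote host holding at least THRESHOLD TIME_WAIT
# sockets against local port PORT, highest count first. Only tcp lines whose
# last field is TIME_WAIT are considered; other states and ports are ignored.
timewait_by_peer() {
    port=$1
    min=${2:-1}
    awk -v port="$port" -v min="$min" '
        $1 ~ /^tcp/ && $NF == "TIME_WAIT" {
            n = split($4, l, ".")            # local address: a.b.c.d.port
            if (l[n] != port) next           # keep only our service port
            m = split($5, r, ".")            # foreign address: a.b.c.d.port
            host = r[1]                      # rebuild host without its port
            for (i = 2; i < m; i++) host = host "." r[i]
            count[host]++
        }
        END { for (h in count) if (count[h] >= min) print count[h], h }
    ' | sort -rn
}

# Report hosts with two or more TIME_WAIT sockets on port 25 in the sample.
printf '%s\n' "$SAMPLE" | timewait_by_peer 25 2
```

With the sample above the report is `3 198.51.100.7`; the ESTABLISHED socket and the port 22 entry are not counted.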