Too many TIME_WAIT connections

Kip Macy kip.macy at gmail.com
Mon Oct 1 18:06:33 PDT 2007


On 10/1/07, Jamie Ostrowski <jamie.ostrowski at gmail.com> wrote:
>   That's a good idea, but in this particular arrangement we've
> firewalled off all other smtp connections except for a certain small
> range which comes through Postini. All these connections on the
> machine run through the Postini machines, so we can't firewall them
> off.

If all your connections are local you can safely reduce the MSL.

 -Kip


>
>   Any other suggestions? If not, we'll tweak msl.
>
> On 10/1/07, Alfred Perlstein <alfred at freebsd.org> wrote:
> > * Jamie Ostrowski <jamie.ostrowski at gmail.com> [071001 16:02] wrote:
> > >    Hello -
> > >
> > >    I've got a mailserver running FreeBSD 4.11 and Sendmail 8.13 that has
> > > been running as a mailserver for a couple of years without any
> > > load/connection problems. Here are my memory stats:
> > > Mem: 71M Active, 265M Inact, 96M Wired, 24M Cache, 60M Buf, 36M Free
> > > Swap: 2048M Total, 760K Used, 2047M Free
> > >
> > > Then all of a sudden we started experiencing dropped connections even though
> > > the load average is generally around 2.0 or less.
> > >
> > >   I found the problem today: there are currently 1300 socket connections
> > > suspended at status TIME_WAIT on the incoming smtp port.
> > >
> > >   I checked some of my kernel settings:
> > >
> > >   kern.ipc.somaxconn = 128
> > >   net.inet.tcp.msl: 30000
> > >
> > >   I suspect this is a DoS attack: they're just opening these connections
> > > and then letting them hang there without closing them, so they just build
> > > up and the machine rejects new connections.
> > >
> > >   Based on my configuration, does anyone have some suggestions on how I
> > > might tweak the system to overcome this (apparent?) DOS attack?
> >
> > You can tweak msl, but it probably makes more sense to use some form
> > of firewall, ipfw, ipfilter, pf, etc on the box.
> >
> > You can use netstat to see the remote addresses, then just block them.
> >
> > --
> > - Alfred Perlstein
> >
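As an added example (not code from any poster on this thread), this shell script implements Alfred's netstat suggestion in a defender's form: it counts TIME_WAIT sockets on the SMTP port per remote address, totals them, and relates the total to the 2*MSL lifetime so the 1300 sockets can be compared with the connection rate the server really sees. It assumes FreeBSD netstat's "address.port" column format; the netstat output below is constructed, not captured from the poster's machine.

```shell
#!/bin/sh
# Constructed sample of FreeBSD `netstat -an -p tcp` output (not real
# data from the thread); the addresses are documentation ranges.
SAMPLE='Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  192.0.2.10.25          198.51.100.7.51234     TIME_WAIT
tcp4       0      0  192.0.2.10.25          198.51.100.7.51240     TIME_WAIT
tcp4       0      0  192.0.2.10.25          198.51.100.7.51251     TIME_WAIT
tcp4       0      0  192.0.2.10.25          203.0.113.9.40022      TIME_WAIT
tcp4       0      0  192.0.2.10.25          203.0.113.9.40031      TIME_WAIT
tcp4       0      0  192.0.2.10.25          198.51.100.8.33001     ESTABLISHED
tcp4       0      0  192.0.2.10.22          203.0.113.9.40100      TIME_WAIT
tcp4       0      0  *.25                   *.*                    LISTEN'

# Read netstat output on stdin; print "<count> <peer>" for every peer that
# has sockets in TIME_WAIT against local port $1, busiest peer first.
# FreeBSD separates address and port with a dot, so the port is the text
# after the last dot (this also holds for IPv6 entries like 2001:db8::1.25).
timewait_peers() {
    awk -v port="$1" '
        $6 == "TIME_WAIT" {
            nl = split($4, l, "."); nf = split($5, f, ".")
            if (l[nl] != port) next
            peer = substr($5, 1, length($5) - length(f[nf]) - 1)
            count[peer]++
        }
        END { for (p in count) print count[p], p }
    ' | sort -rn
}

# Total TIME_WAIT sockets on local port $1 (stdin as above).
timewait_total() {
    timewait_peers "$1" | awk '{ s += $1 } END { print s + 0 }'
}

# Sustained connection rate implied by $1 sockets in TIME_WAIT when
# net.inet.tcp.msl is $2 milliseconds: a socket stays in TIME_WAIT for
# 2*MSL, so 1300 sockets at msl=30000 means about 1300/60 = 21.7 conn/s.
est_conn_rate() {
    awk -v n="$1" -v msl="$2" 'BEGIN { printf "%.1f\n", n / (2 * msl / 1000) }'
}

# On the live mail server this would be:  netstat -an -p tcp | timewait_peers 25
printf '%s\n' "$SAMPLE" | timewait_peers 25
printf '%s\n' "$SAMPLE" | timewait_total 25
est_conn_rate 1300 30000
```

A peer that dominates the TIME_WAIT list is the one to look at first; a total that matches the expected mail volume at 2*MSL is normal traffic rather than an attack.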

