How can I get >100 connections in FIN_WAIT_2 state from the same IP?
Chuck Swiger
cswiger at mac.com
Tue Oct 13 18:39:51 UTC 2009
On Oct 13, 2009, at 10:33 AM, Martin Turgeon wrote:
> I would like to know if anyone knows the reason why I get a lot of
> connections (more than 100) from the same IP in FIN_WAIT_2 state.
That IP is probably running a web proxy or possibly some kind of
spider. It could also be malicious, trying to exploit webserver
vulnerabilities, etc.; search your logs for that IP and see what it is
doing.
> In this case the connections are on port 80. Is it a problem with the
> client's browser or OS? Is it possible that some mobile devices don't
> close their connections correctly to save bandwidth and battery?
Yes, it's not uncommon for various platforms to simply drop
connections rather than closing them properly. You can run tcpdrop to
forcibly get rid of them, but they should time out within a few
minutes anyway. If you believe the remote IP is being abusive,
consider firewalling it....
Regards,
--
-Chuck
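
An added example, not part of the original message: one way to follow the advice above by tallying FIN_WAIT_2 connections per remote IP and then listing what a given IP requested. It assumes FreeBSD `netstat -an -p tcp` output and an access log in Apache common log format; the function names and all sample data are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample data (documentation IP ranges) in the layout of
# FreeBSD `netstat -an -p tcp`, where the port follows the last dot.
sample_netstat() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address          Foreign Address        (state)
tcp4       0      0 192.0.2.10.80          198.51.100.7.51001     FIN_WAIT_2
tcp4       0      0 192.0.2.10.80          198.51.100.7.51002     FIN_WAIT_2
tcp4       0      0 192.0.2.10.80          198.51.100.7.51003     FIN_WAIT_2
tcp4       0      0 192.0.2.10.80          198.51.100.7.51004     ESTABLISHED
tcp4       0      0 192.0.2.10.80          203.0.113.9.40210      FIN_WAIT_2
tcp4       0      0 192.0.2.10.22          203.0.113.9.40377      FIN_WAIT_2
tcp4       0      0 *.80                   *.*                    LISTEN
EOF
}
# Constructed access-log lines in Apache common log format.
sample_access_log() {
cat <<'EOF'
198.51.100.7 - - [13/Oct/2009:17:01:02 +0000] "GET /index.html HTTP/1.1" 200 512
198.51.100.7 - - [13/Oct/2009:17:01:03 +0000] "GET /index.html HTTP/1.1" 200 512
198.51.100.7 - - [13/Oct/2009:17:01:04 +0000] "GET /robots.txt HTTP/1.1" 404 209
203.0.113.9 - - [13/Oct/2009:17:02:10 +0000] "GET / HTTP/1.1" 200 1024
EOF
}
# fin_wait2_by_ip PORT [MIN]: read netstat output on stdin and print
# "count ip" for remote IPs with at least MIN FIN_WAIT_2 sockets on PORT.
fin_wait2_by_ip() {
  awk -v port="$1" -v min="${2:-1}" '
    $1 ~ /^tcp/ && $NF == "FIN_WAIT_2" {
      n = split($4, l, "."); if (l[n] != port) next   # local port filter
      raddr = $5; sub(/\.[0-9]+$/, "", raddr)         # drop remote port
      seen[raddr]++
    }
    END { for (ip in seen) if (seen[ip] >= min) print seen[ip], ip }
  ' | sort -rn
}
# requests_from IP: read an access log on stdin and print
# "count status method path" for that client, busiest first.
requests_from() {
  awk -v ip="$1" '
    $1 == ip { gsub(/"/, "", $6); hits[$9 " " $6 " " $7]++ }
    END { for (k in hits) print hits[k], k }
  ' | sort -rn
}
# On a live host: netstat -an -p tcp | fin_wait2_by_ip 80 100
sample_netstat | fin_wait2_by_ip 80 2
sample_access_log | requests_from 198.51.100.7
```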