lots of sockets in TIME_WAIT
Doug White
dwhite at gumbysoft.com
Tue May 20 13:18:05 PDT 2003
On Tue, 20 May 2003, Saulius Menkevičius wrote:
> I have some DDOS(?) attack on my router going where my apache HTTP
> server is flooded with short-timed connections from some host. This
> results in LOTS of sockets in TIME_WAIT/LAST_ACK/CLOSING states and
> eventually I'm out of mbufs, which consequently means I can't even
> connect to the router from the LAN. The kern.ipc.nmbclusters is 2560 (I
> guess high enough for a router with a DSL connection).
TIME_WAIT is normal for a server. LAST_ACK/CLOSING looks like packet
loss. Is your outbound link overloaded normally, or from the DoS?
Can you block the host? :)
> After some time all mbufs are depleted (system says "All mbuf
> cluster exhausted"). However, unexpectedly the system panics shortly
> in about 10 minutes (+/-) with:
Then increase the mbufs & clusters. Did you read the tuning man page?
--
Doug White | FreeBSD: The Power to Serve
dwhite at gumbysoft.com | www.FreeBSD.org
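
Added example, not part of the original message: one way to find the host the reply suggests blocking is to tally sockets in TIME_WAIT/LAST_ACK/CLOSING per remote address. It assumes the FreeBSD `netstat -an -p tcp` column layout (address.port); the function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in FreeBSD `netstat -an -p tcp` layout (address.port).
sample_netstat() {
cat <<'EOF'
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  192.0.2.1.80           203.0.113.7.40112      TIME_WAIT
tcp4       0      0  192.0.2.1.80           203.0.113.7.40113      TIME_WAIT
tcp4       0      0  192.0.2.1.80           203.0.113.7.40114      LAST_ACK
tcp4       0      0  192.0.2.1.80           203.0.113.7.40115      CLOSING
tcp4       0      0  192.0.2.1.80           198.51.100.23.51514    TIME_WAIT
tcp4       0      0  192.0.2.1.22           192.0.2.50.49822       ESTABLISHED
tcp4       0      0  *.80                   *.*                    LISTEN
EOF
}

# Read netstat output on stdin; print "count host state" for every socket
# in a closing state, busiest first.
closing_by_host() {
    awk '$1 ~ /^tcp/ && $6 ~ /^(TIME_WAIT|LAST_ACK|CLOSING)$/ {
             host = $5
             sub(/\.[0-9]+$/, "", host)   # drop the trailing .port
             n[host " " $6]++
         }
         END { for (k in n) print n[k], k }' | sort -k1,1nr -k2,2
}

# Read netstat output on stdin; print the one remote host holding the most
# closing-state sockets (all three states summed).
top_closing_host() {
    closing_by_host |
        awk '{ t[$2] += $1 } END { for (h in t) print t[h], h }' |
        sort -k1,1nr -k2,2 | head -n 1 | cut -d' ' -f2
}

# On the live router: netstat -an -p tcp | closing_by_host
sample_netstat | closing_by_host
```

Run alongside `netstat -m` and `sysctl kern.ipc.nmbclusters` to see whether the per-host socket count tracks mbuf cluster usage.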
More information about the freebsd-stable mailing list