On Oct 13, 2009, at 10:33 AM, Martin Turgeon wrote:
I would like to know if anyone knows the reason why I get a lot of
connections (more than 100) from the same IP in FIN_WAIT_2 state.
That IP is probably running a web proxy or possibly some kind of
spider. It could also be malicious, trying to exploit webserver
vulnerabilities, etc-- search your logs for that IP and see what it is
doing.
In this case the connections are on port 80. Is it a problem with the
client's browser or OS? Is it possible that some mobile devices
doesn't
close their connections correctly to save bandwidth and battery?
Yes, it's not uncommon for various platforms to simply drop
connections rather than closing them properly. You can run tcpdrop to
forcibly get rid of them, but they should time out within a few
minutes anyway. If you believe the remote IP is being abusive,
consider firewalling it....
Regards,
--
-Chuck
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
