Chuck Swiger wrote: > On Oct 13, 2009, at 10:33 AM, Martin Turgeon wrote: >> I would like to know if anyone knows the reason why I get a lot of >> connections (more than 100) from the same IP in FIN_WAIT_2 state. > > That IP is probably running a web proxy or possibly some kind of > spider. It could also be malicious, trying to exploit webserver > vulnerabilities, etc-- search your logs for that IP and see what it is > doing. > >> In this case the connections are on port 80. Is it a problem with the >> client's browser or OS? Is it possible that some mobile devices >> doesn't >> close their connections correctly to save bandwidth and battery? > > Yes, it's not uncommon for various platforms to simply drop > connections rather than closing them properly. You can run tcpdrop to > forcibly get rid of them, but they should time out within a few > minutes anyway. If you believe the remote IP is being abusive, > consider firewalling it.... >
This is also common from the differences in TCP/IP stacks across various platforms. Windows, Linux, Solaris, etc are all slightly different in this regard. If you're running a web server you can set the following in /etc/sysctl.conf in an attempt to mitigate. Don't know if the timeout period can be altered. net.inet.tcp.fast_finwait2_recycle=1 This won't stop it from happening but it will trim the pool down some. -Mike _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
