> -----Original Message----- > From: Chris Buechler [mailto:[EMAIL PROTECTED] > Sent: 26 January 2006 17:27 > To: [email protected] > Subject: Re: [pfSense Support] State Problems > > Lawrence Farr wrote: > > I'm using pfsense to protect a number of web/mail/ftp > > servers, which it does fantastically. Since upgrading > > to the 1.0 Betas it seems to be running out of available > > states very quickly. I've upped the state table to 20000 > > and it's run out within a few hours. Most of the states > > seem to be http access with successive source/destination > > ports eg: > > > > That kind of looks like a potential DoS or DDoS. That many > successive > connections from a single host that never get closed should typically > never happen on a web server. Looks malicious to me, but I'd > be curious > to see what others think. > > About how many states per IP do you have? Look through your > web server > logs and see what those IP's that are hanging there are attempting to > do, as that might help determine whether it's a legit user or > malicious > traffic.
They seem to be genuine traffic, as I've looked through the logs and it's a definate path through a website as opposed to the same page over and over. They do close eventually, but I get enough of a build up to run out of apache processes on the servers at times as well. Maybe it's a badly behaving type of web cache or similar? Changing the HTTP allow rules from keep state to modulate state seems to have calmed it down a little currently as it's hovering around the 1500 state mark. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
