[CentOS] ip_conntrack table filling up, dropping packets

Eduardo Grosclaude eduardo.grosclaude at gmail.com
Fri Jun 15 21:56:52 UTC 2007


On 6/12/07, yossarian1 at gmail.com <yossarian1 at gmail.com> wrote:
>
> Hi, my ip_conntrack table is filling up and now my server is dropping
> packets. I'm running CentOS release 4.4 (Final) on a fairly busy
> webserver.  The table is full of various connections, including a lot
> of "ESTABLISHED" tcp connections from my webserver (the src is my
> webserver ip), and some other random connections to my webserver, and
> many "ASSURED" connections.  So why is it filling up? I changed the
> default timeout value like so:
>
> echo 36000 >
> /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_established
>
> but I don't think that's had any effect. any thoughts? what additional
> info can I provide that would be helpful?    I did find a script that
> clears out some of the stale connections using hping2, but I don't
> know if that's really a great solution to this problem.


I have seen this in connection with some dreadful internet worm affecting
Windows stations in the last hours. This particular worm seems related to
DEL.EXE file modifications. :(


-- 
Eduardo Grosclaude
Universidad Nacional del Comahue
Neuquen, Argentina
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/centos/attachments/20070615/37d2b341/attachment.html>


More information about the CentOS mailing list