[CentOS] ip_conntrack table filling up, dropping packets
Eduardo Grosclaude
eduardo.grosclaude at gmail.comFri Jun 15 21:56:52 UTC 2007
- Previous message: [CentOS] ip_conntrack table filling up, dropping packets
- Next message: [CentOS] CentOS-announce Digest, Vol 28, Issue 9
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On 6/12/07, yossarian1 at gmail.com <yossarian1 at gmail.com> wrote: > > Hi, my ip_conntrack table is filling up and now my server is dropping > packets. I'm running CentOS release 4.4 (Final) on a fairly busy > webserver. The table is full of various connections, including a lot > of "ESTABLISHED" tcp connections from my webserver (the src is my > webserver ip), and some other random connections to my webserver, and > many "ASSURED" connections. So why is it filling up? I changed the > default timeout value like so: > > echo 36000 > > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_established > > but I don't think that's had any effect. any thoughts? what additional > info can I provide that would be helpful? I did find a script that > clears out some of the stale connections using hping2, but I don't > know if that's really a great solution to this problem. I have seen this in connection with some dreadful internet worm affecting Windows stations in the last hours. This particular worm seems related to DEL.EXE file modifications. :( -- Eduardo Grosclaude Universidad Nacional del Comahue Neuquen, Argentina -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.centos.org/pipermail/centos/attachments/20070615/37d2b341/attachment-0001.html>
- Previous message: [CentOS] ip_conntrack table filling up, dropping packets
- Next message: [CentOS] CentOS-announce Digest, Vol 28, Issue 9
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the CentOS mailing list