On 6/12/07, yossarian1 at gmail.com <yossarian1 at gmail.com> wrote: > > Hi, my ip_conntrack table is filling up and now my server is dropping > packets. I'm running CentOS release 4.4 (Final) on a fairly busy > webserver. The table is full of various connections, including a lot > of "ESTABLISHED" tcp connections from my webserver (the src is my > webserver ip), and some other random connections to my webserver, and > many "ASSURED" connections. So why is it filling up? I changed the > default timeout value like so: > > echo 36000 > > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_established > > but I don't think that's had any effect. any thoughts? what additional > info can I provide that would be helpful? I did find a script that > clears out some of the stale connections using hping2, but I don't > know if that's really a great solution to this problem. I have seen this in connection with some dreadful internet worm affecting Windows stations in the last hours. This particular worm seems related to DEL.EXE file modifications. :( -- Eduardo Grosclaude Universidad Nacional del Comahue Neuquen, Argentina -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.centos.org/pipermail/centos/attachments/20070615/37d2b341/attachment-0005.html>