Jump to content

Spam of many CLOSE_WAIT

Deleterios

By Deleterios
in OldBug reports

 Share

Recommended Posts

Deleterios Newbie

Deleterios

Posted
Posted

OS : Debian x64

Mangos-0.12, last rev with some custom patches

Scriptdev2, last rev with some custom patches

Last TBCDB

Since 3/4 weeks, we've a spam of many CLOSE_WAIT states for our tcp connections each one or 2 days. The people connected loss connection and we must restart the world daemon to allow they to reconnect.

netstat -tanpu | grep mangos (cut, grep mangos -c show more en more CLOSE_WAIT. I saw ~3k CLOSE_WAIT)

lsof -n | grep mangos (cut)

Link to comment
Share on other sites
freghar Advanced Member

freghar

Posted
Posted

This might be more of a security issue than mangos one. It looks like a half-detected SYN flood attack or perhaps SYN+FIN. Looks like this CLOSE_WAIT was triggered by tcp_syncookies, but the wait time would be much less than 2 days.

Check your system logs and add anti-flood limit rules to your firewall (if you haven't done so).

Link to comment
Share on other sites
Milk13 Advanced Member

Milk13

Posted
Posted

Since we've the probem, we've disabled our firewall.

I just enable it.

The initial change made is

echo "1" > /proc/sys/net/ipv4/tcp_syncookies

       echo "256" > /proc/sys/net/ipv4/tcp_max_syn_backlog

       echo "3" > /proc/sys/net/ipv4/tcp_synack_retries

       echo "0" > /proc/sys/net/ipv4/ip_dynaddr

       echo "30" > /proc/sys/net/ipv4/tcp_fin_timeout

       echo "1" > /proc/sys/net/ipv4/netfilter/ip_conntrack_log_invalid

       echo 0 > /proc/sys/net/ipv4/tcp_window_scaling

   echo 0 > /proc/sys/net/ipv4/tcp_timestamps

   echo 0 > /proc/sys/net/ipv4/tcp_sack

       for f in /proc/sys/net/ipv4/conf/*/log_martians; do

                 echo 1 > $f

       done

       for f in /proc/sys/net/ipv4/conf/*/accept_source_route; do

                 echo 0 > $f

       done

       for f in /proc/sys/net/ipv4/conf/*/accept_redirects; do

                 echo 0 > $f

       done

And over there is floodmon : http://spamcleaner.org/en/misc/floodmon.html

Maybe I must change one of :

/proc/sys/net/netfilter/nf_conntrack_tcp_timeout_close_wait => 60

/proc/sys/net/netfilter/nf_conntrack_tcp_timeout_close => 10

/proc/sys/net/netfilter/nf_conntrack_tcp_timeout_fin_wait => 120

/proc/sys/net/netfilter/nf_conntrack_tcp_timeout_time_wait => 120

Link to comment
Share on other sites
 Share
Go to topic listing

Contact Us

To contact us click here
You can also email us at [email protected]

Privacy Policy | Terms & Conditions

Repositories

The Link to the master list
of MaNGOS repositories:
Copyright © getMaNGOS. All rights Reserved.

This website is in no way associated with or endorsed by Blizzard Entertainment®
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue. Privacy Policy Terms of Use