lots of connections in SYN_RECV state
Silvan Jegen
me at sillymon.ch
Thu Nov 6 10:58:58 EST 2014
2014-11-06 16:15, Puneet Agarwal:
> Is there a way to check the reason, why they do not answer to the
> SYN-ACK's?
I don't think so. After all, they just don't answer and they won't tell
you why (AFAIK there is no way to ask them why either)...
You could try to check for patterns in the incoming IP addresses to see
from how many different places these connections are being made. I think
that way it should be possible to figure out from which geographic
location these problematic connections are coming as well. What you
would do with these findings I am not sure though.
If these connections negatively impact the performance of your servers
you should definitely look into the countermeasures mentioned in the RFC
here.
http://tools.ietf.org/html/rfc4987
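
The source-address check suggested in the message above, as an added example that is not part of the original post: it counts SYN_RECV entries per peer address and per network from `netstat -ant` style output. The /24 and /64 grouping, the function names and the sample lines (documentation address ranges) are assumptions made for the illustration.

```python
import ipaddress
from collections import Counter

# Constructed sample of `netstat -ant` output, not taken from the thread.
SAMPLE = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:80           198.51.100.7:41022      SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.7:41023      SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.99:5512      SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.5:33100       SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.77:51234      ESTABLISHED
tcp6       0      0 2001:db8::10:80         2001:db8:1::5:40000     SYN_RECV
"""


def syn_recv_sources(netstat_text):
    """Return (per_address, per_network) Counters for half-open connections."""
    per_addr, per_net = Counter(), Counter()
    for line in netstat_text.splitlines():
        fields = line.split()
        # Data rows have six columns: Proto Recv-Q Send-Q Local Foreign State
        if len(fields) != 6 or fields[5] != "SYN_RECV":
            continue
        host = fields[4].rsplit(":", 1)[0]  # drop the port after the last colon
        try:
            addr = ipaddress.ip_address(host)
        except ValueError:
            continue  # skip rows whose peer address does not parse
        addr = getattr(addr, "ipv4_mapped", None) or addr  # ::ffff:a.b.c.d -> a.b.c.d
        prefix = 24 if addr.version == 4 else 64  # assumed grouping width
        net = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
        per_addr[str(addr)] += 1
        per_net[str(net)] += 1
    return per_addr, per_net


def report(netstat_text, top=10):
    per_addr, per_net = syn_recv_sources(netstat_text)
    lines = [f"{sum(per_addr.values())} SYN_RECV from {len(per_addr)} addresses "
             f"in {len(per_net)} networks"]
    lines += [f"{count:6d}  {net}" for net, count in per_net.most_common(top)]
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE))
```

Source addresses in a SYN flood can be spoofed, as RFC 4987 discusses, so a wide spread of networks does not by itself show that many real hosts are involved.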