8 Mar
2001
8 Mar
'01
21:16
Nevertheless, this doesn't seem to be the problem here. It more or less looks like this machine has been under attack so that all available sockets have been used up. In particular, it seems to have been a SYN flood attack. There is no efficient countermeasure against this other than pulling the plug.
That's what I think, too, but there are counter measures with kernel 2.4, I think. If I understand /proc/sys/net/ipv4/tcp_synack_retries correctly, you should reduce the value. Or restrict the incoming syn-rate at the firewall or get a firewall that knows "random early drop". (Thanks, Guido Stepken ;-) ) Björn Engels LANWORKS AG