[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] connection-tracking tables full on SuSE 9.0 with SuSEfirewall2



Hi Jim,

Jim Westbrook wrote:

You most likely have one or more Win boxes running some P2P application

(kazaa, et al) which advertise your external IP address (assuming NAT is in
use).  This, in turn, causes external attempts to connect to these "servers"
from outside your network which is being blocked by your firewall.  It's the
number of external attempts that's flooding ip_conntrack.

Locate the box(es) running the P2P application(s), disable the s/w, and
resist the urge to kill the user(s).

JimW
that's most unlikely, I have only Servers behind the NAT-Box. Looks like one Windows-Webserver opens a lot of connections from its port 80 to the outside (right now about 1500 entries), but that does still not explain, how the connection limit of more than 16.000 could be reached. Maybe a DoS?

Greetings,

Ralf

--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here