Re: [suse-security] connection-tracking tables full on SuSE 9.0 with SuSEfirewall2
Jim Westbrook wrote:
That's most unlikely, I have only servers behind the NAT box. Looks like
one Windows web server opens a lot of connections from its port 80 to the
outside (right now about 1500 entries), but that still does not explain
how the connection limit of more than 16.000 could be reached. Maybe a DoS?
You most likely have one or more Win boxes running some P2P application
(kazaa, et al) which advertise your external IP address (assuming NAT is in
use). This, in turn, causes external attempts to connect to these "servers"
from outside your network which are being blocked by your firewall. It's the
number of external attempts that's flooding ip_conntrack.
Locate the box(es) running the P2P application(s), disable the s/w, and
resist the urge to kill the user(s).
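One way to see which host behind the NAT box accounts for the ip_conntrack entries, as an added example that is not part of the original messages: it parses lines in the /proc/net/ip_conntrack format and counts tracked connections per internal host, protocol state and [UNREPLIED] flag. The internal range 192.168.1.0/24 and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumption: address range of the hosts behind the NAT box.
INTERNAL_NET = ipaddress.ip_network("192.168.1.0/24")

# Constructed sample lines in the /proc/net/ip_conntrack format.
SAMPLE = """\
tcp      6 431990 ESTABLISHED src=198.51.100.7 dst=203.0.113.1 sport=40112 dport=80 src=192.168.1.10 dst=198.51.100.7 sport=80 dport=40112 [ASSURED] use=1
tcp      6 98 TIME_WAIT src=198.51.100.9 dst=203.0.113.1 sport=51200 dport=80 src=192.168.1.10 dst=198.51.100.9 sport=80 dport=51200 [ASSURED] use=1
tcp      6 110 SYN_SENT src=192.168.1.23 dst=198.51.100.40 sport=1214 dport=1214 [UNREPLIED] src=198.51.100.40 dst=203.0.113.1 sport=1214 dport=1214 use=1
tcp      6 112 SYN_SENT src=192.168.1.23 dst=198.51.100.41 sport=1215 dport=1214 [UNREPLIED] src=198.51.100.41 dst=203.0.113.1 sport=1214 dport=1215 use=1
udp      17 25 src=192.168.1.23 dst=198.51.100.42 sport=1214 dport=1214 [UNREPLIED] src=198.51.100.42 dst=203.0.113.1 sport=1214 dport=1214 use=1
tcp      6 300 ESTABLISHED src=203.0.113.1 dst=198.51.100.50 sport=33000 dport=22 src=198.51.100.50 dst=203.0.113.1 sport=22 dport=33000 [ASSURED] use=1
"""

ADDR_RE = re.compile(r"\b(?:src|dst)=(\S+)")

def parse_entry(line):
    """Return (internal_host, proto, state, unreplied), or None if no internal host."""
    fields = line.split()
    if len(fields) < 4:
        return None
    proto = fields[0]
    # Only TCP entries carry a state name in the fourth column.
    state = fields[3] if proto == "tcp" else "-"
    # Check both tuples: with DNAT the internal host only shows up in the reply tuple.
    for addr in ADDR_RE.findall(line):
        ip = ipaddress.ip_address(addr)
        if ip in INTERNAL_NET:
            return str(ip), proto, state, "[UNREPLIED]" in fields
    return None

def summarise(text):
    """Count entries per internal host, per (host, proto, state), and unreplied per host."""
    per_host, per_state, unreplied = Counter(), Counter(), Counter()
    for entry in filter(None, map(parse_entry, text.splitlines())):
        host, proto, state, unrep = entry
        per_host[host] += 1
        per_state[(host, proto, state)] += 1
        unreplied[host] += unrep
    return per_host, per_state, unreplied

if __name__ == "__main__":
    # On the firewall, replace SAMPLE with open("/proc/net/ip_conntrack").read()
    hosts, states, unreplied = summarise(SAMPLE)
    for host, n in hosts.most_common():
        print(f"{host:15} total={n} unreplied={unreplied[host]}")
```

A host whose entries are mostly [UNREPLIED] or short-lived states is the one to look at first; entries that involve only the firewall itself are skipped.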