Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

235/715 connections in SYN_RECV state

Discussion in 'General Discussion' started by erinspice, May 12, 2007.

  1. erinspice

    erinspice Well-Known Member

    Joined:
    Feb 12, 2006
    Messages:
    99
    Likes Received:
    0
    Trophy Points:
    166
    One of my servers has 235 out of a total of 715 open connections that are in the SYN_RECV state right now. How can I terminate these connections and keep this from happening again?

    Edited to add: Now its 460 out of 1067.
     
    #1 erinspice, May 12, 2007
    Last edited: May 12, 2007
  2. gorilla

    gorilla Well-Known Member

    Joined:
    Feb 3, 2004
    Messages:
    695
    Likes Received:
    1
    Trophy Points:
    168
    Location:
    Sydney / Australia
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. erinspice

    erinspice Well-Known Member

    Joined:
    Feb 12, 2006
    Messages:
    99
    Likes Received:
    0
    Trophy Points:
    166
    Thanks, I've already researched SYN_RECV attacks, and tried everything I can find. I just can't find any information on terminating the TCP connections while they are in progress. My server has been like this for at least a week, maybe longer. It's causing performance issues, but the server hasn't gone down, so I'm not sure if it's an actual SYN flood attack.
     
  4. gorilla

    gorilla Well-Known Member

    Joined:
    Feb 3, 2004
    Messages:
    695
    Likes Received:
    1
    Trophy Points:
    168
    Location:
    Sydney / Australia
    Maybe this info can help regarding your connection


    lsof | grep ESTABLISHED
    lsof | grep LISTEN
    lsof -p PID
    kill -9 PID

    have you got a firewall installed ?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. erinspice

    erinspice Well-Known Member

    Joined:
    Feb 12, 2006
    Messages:
    99
    Likes Received:
    0
    Trophy Points:
    166
    Yes. All connections in question are to port 80, Apache.
     
  6. gorilla

    gorilla Well-Known Member

    Joined:
    Feb 3, 2004
    Messages:
    695
    Likes Received:
    1
    Trophy Points:
    168
    Location:
    Sydney / Australia
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice