How to Deal with Large Numbers of FIN_WAIT2 & TIME_WAIT Connections on Linux




Hi everyone,

Like the topic says, my server has tons of connections in FIN_WAIT2 and TIME_WAIT status and I have no idea what's causing it. It's a new box and it has been like that pretty much from the beginning (past 6 days). I think the CPU is not overloaded and always only between 0.2 and 0.5.
I set up a 10-minute cron job a few hours ago to log the output of netstat -tn into files, and the largest file has 60+ Kbytes.

I would be very thankful if someone has an idea about what is happening here.

Thanks a lot! 
 
Solution:
You will get the description of FIN_WAIT2 & TIME_WAIT in the man page of netstat. Type 'man netstat' in the shell. You can minimize those FIN_WAIT2 & TIME_WAIT states by doing the following:
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
Put the following in /etc/sysctl.conf:
# Enable TCP SYN cookie protection 
net.ipv4.tcp_syncookies = 1
# Decrease the time default value for tcp_fin_timeout connection 
net.ipv4.tcp_fin_timeout = 30
# Turn off the tcp_window_scaling 
net.ipv4.tcp_window_scaling = 0
# Turn off the tcp_sack 
net.ipv4.tcp_sack = 0
Then execute the command:
# /sbin/sysctl -p
You can also execute the following commands to minimize SYN attacks in the future:
iptables -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP 
iptables -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP 
iptables -A INPUT -p tcp --tcp-flags FIN,RST FIN,RST -j DROP 
iptables -A INPUT -p tcp --tcp-flags ACK,FIN FIN -j DROP
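
The question mentions logging `netstat -tn` from cron. As an added example (not part of the original post or reply), this script tallies such a log by TCP state and by remote host; the function names are hypothetical and the sample data is constructed from documentation address ranges.

```shell
#!/bin/sh
# Added example: summarise a saved `netstat -tn` log by state and remote host.

# Constructed sample in `netstat -tn` format (not real traffic).
sample_netstat() {
cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:80           198.51.100.7:51234      TIME_WAIT
tcp        0      0 192.0.2.10:80           198.51.100.7:51240      TIME_WAIT
tcp        0      0 192.0.2.10:80           203.0.113.9:40022       FIN_WAIT2
tcp        0      0 192.0.2.10:80           203.0.113.9:40023       FIN_WAIT2
tcp        0      0 192.0.2.10:80           203.0.113.9:40031       FIN_WAIT2
tcp        0      0 192.0.2.10:22           198.51.100.20:60111     ESTABLISHED
tcp6       0      0 2001:db8::10:443        2001:db8::99:51000      TIME_WAIT
EOF
}

# stdin: netstat -tn output. stdout: "STATE COUNT", highest count first.
count_states() {
  awk '$1 ~ /^tcp/ { n[$6]++ } END { for (s in n) print s, n[s] }' |
    sort -k2,2nr -k1,1
}

# stdin: netstat -tn output. $1: state. stdout: number of sockets in it.
state_count() {
  awk -v want="$1" '$1 ~ /^tcp/ && $6 == want { c++ } END { print c + 0 }'
}

# stdin: netstat -tn output. $1: state. stdout: "REMOTE_HOST COUNT".
peers_in_state() {
  awk -v want="$1" '$1 ~ /^tcp/ && $6 == want {
      host = $5; sub(/:[0-9]+$/, "", host)   # strip the remote port
      n[host]++
    } END { for (h in n) print h, n[h] }' | sort -k2,2nr -k1,1
}

# Report on the log file given as $1, or on the constructed sample.
log="${1:-}"; tmp=""
if [ ! -r "$log" ]; then tmp=$(mktemp); sample_netstat > "$tmp"; log="$tmp"; fi
echo "== connections per state =="; count_states < "$log"
for st in FIN_WAIT2 TIME_WAIT; do
  echo "== top remote hosts in $st =="; peers_in_state "$st" < "$log" | head -n 5
done
[ -z "$tmp" ] || rm -f "$tmp"
```

Run it on a log taken before and another taken after `/sbin/sysctl -p` to see whether the FIN_WAIT2 and TIME_WAIT counts actually change, and whether they are spread across many hosts or concentrated on a few.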
 
