LISTSERV - HP3000-L Archives

HP3000-L Archives

August 2006, Week 3

HP3000-L@RAVEN.UTC.EDU

	LISTSERV Archives
	HP3000-L Home
	HP3000-L August 2006, Week 3

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: tcp connection limit exceeded msgs
From:	Denys Beauchemin <[log in to unmask]>
Reply To:	[log in to unmask]
Date:	Sat, 19 Aug 2006 10:33:27 -0500
Content-Type:	text/plain
Parts/Attachments:	text/plain (59 lines)

A couple of questions.

Which protocol do you use with Reflection, NS/VT or Telnet?

What does your sysstart file look like?

It almost sounds to me that your system is being blasted by one or more PCs
sending stuff on Telnet, which is port 23 I believe.  If you do not use
Telnet protocol for Reflection access, I would disable that protocol in
JINETDCFG file and restart Jinetd.   A quick way to test this would be to
kill JINETD right away and see what the numbers look like in a little while.

Denys

-----Original Message-----
From: HP-3000 Systems Discussion [mailto:[log in to unmask]] On Behalf
Of johnpitman
Sent: Friday, August 18, 2006 10:56 PM
To: [log in to unmask]
Subject: [HP3000-L] tcp connection limit exceeded msgs

N series , 1 x 220Hgz cpu, 1 GB ram, 1 x 18GB, 1 x 36gb hdd MPE 7.5.02

During a normal day we have up to 220 sessions, maybe 30-50 jobs running.
95% of the sessions are network vt-mgr connections. Maybe occasions when
memory bound, but overall ok performance.

Saturday morning get a call that only one guy can log on....get on my vpn
from home. I can ping the system, and other devices on the network, but
reflections wont connect, nor will telnet......
After getting the one logged on user to log off, I can get on, and actually
open 4 sessions. Eventually I see 'tcp connection limit exceeded' msgs on
console. In nettool->status->tcpstat->tcpglobal I see that connections
currently open is sitting on configured limit.....2048
In the end I drove into work , but I couldn't see any obvious source of all
the connections. We have a pc that does ftps from system every minute, but
it was behaving normally. I stopped Jinetd job, no change. I stopped the
jdbc job, no change, or maybe a little - the current connections count
drifted down as low as 2036, but then climbed again.
I shutdown the network, restarted it, current connections went straight to
1823.....who are they?
In the end I configured the max connections up to 4096, and rebooted it.
Currently (couple of hours later), with 3 sessions, a couple of jobs, and
the occasion ftp process, connections open is 88. In the last 10mins crept
up to 98...

Any idea how one finds out who all the connectees are please? This smells a
little like the attack we had on our firewall a while ago....

TIA

jp

* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *

* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *

ATOM RSS1 RSS2

RAVEN.UTC.EDU