pokeman
Member Candidate
Topic Author
Posts: 136
Joined: Fri Jun 05, 2009 10:52 pm

too many close connection

Fri Jan 18, 2008 9:25 am

hello community
here is my connection tracking setting

/ip firewall connection tracking print
enabled: yes
tcp-syn-sent-timeout: 5s
tcp-syn-received-timeout: 5s
tcp-established-timeout: 1d
tcp-fin-wait-timeout: 10s
tcp-close-wait-timeout: 10s
tcp-last-ack-timeout: 10s
tcp-time-wait-timeout: 10s
tcp-close-timeout: 10s
udp-timeout: 10s
udp-stream-timeout: 3m
icmp-timeout: 10s
generic-timeout: 10m
tcp-syncookie: no
max-entries: 2027520
total-entries: 8404

there are too many closed connections

9 S tcp 10.0.3.55:3794 190.160.169.6:38376 close 12h44m55s
10 S tcp 10.0.3.55:3796 89.228.44.242:54529 close 12h44m57s
11 S tcp 10.0.3.55:3797 75.50.212.114:51714 close 12h44m58s
12 S tcp 10.0.3.55:3800 200.44.205.7:16013 close 12h44m59s
13 S tcp 10.0.3.55:3821 190.25.28.96:9540 close 12h45m14s
14 S tcp 10.0.3.55:3818 201.208.182.71:34543 close 12h45m16s
15 S tcp 10.0.3.55:3823 85.50.122.6:38396 close 12h45m19s
16 S tcp 10.0.3.55:3824 85.84.139.37:5162 close 12h45m20s
17 S tcp 10.0.3.55:3815 84.123.123.64:19664 close 12h45m25s
18 S tcp 10.0.3.55:3820 89.29.139.9:31361 close 12h45m27s
19 S tcp 10.0.3.55:3829 190.64.110.218:18614 close 12h45m28s
20 S tcp 10.0.3.55:3827 201.211.93.46:23394 close 12h45m32s
21 S tcp 10.0.3.55:3828 201.211.162.121:34820 close 12h45m32s
22 S tcp 10.0.3.55:3825 190.198.244.146:19030 close 12h45m37s
23 S tcp 10.0.5.103:4255 66.249.91.103:443 close 12h45m44s
24 S tcp 10.0.5.103:4259 66.249.91.103:443 close 12h45m44s
25 S tcp 10.0.3.55:3836 70.71.229.121:62578 close 12h45m47s
26 S tcp 10.0.3.55:3826 79.146.25.129:28651 close 12h45m48s
27 S tcp 10.0.3.55:3835 190.38.70.183:47052 close 12h45m47s
28 S tcp 10.0.3.55:3837 62.43.38.141:23453 close 12h45m49s
29 S tcp 10.0.3.55:3833 81.203.42.121:27053 close 12h45m52s
30 S tcp 10.0.3.55:3848 148.204.137.25:53478 close 12h46m10s
31 S tcp 10.0.3.55:3842 190.37.33.148:9168 close 12h46m12s
32 S tcp 10.0.3.55:3845 201.223.217.178:30547 close 12h46m13s
33 S tcp 10.0.3.55:3846 201.209.157.175:34145 close 12h46m13s
34 S tcp 10.0.3.55:3847 201.208.163.199:45478 close 12h46m13s
35 S tcp 10.0.3.55:3849 190.160.16.4:25090 close 12h46m15s
36 S tcp 10.0.3.157:1166 82.27.203.200:30856 close 12h46m25s
37 S tcp 10.0.3.55:3881 87.111.62.209:46701 close 12h46m24s
38 tcp 10.0.3.55:3831 190.78.37.25:37580 established 12h47m26s
39 S tcp 10.0.3.55:3914 193.150.226.132:24699 close 12h46m27s
40 S tcp 10.0.3.157:1173 24.78.108.229:59701 close 12h46m28s
41 S tcp 10.0.3.55:3912 201.13.158.110:10834 close 12h46m28s
42 SA tcp 10.0.4.199:1735 207.46.108.49:1863 established 13h7m54s
43 S tcp 10.0.3.55:3917 190.78.157.216:27925 close 12h46m34s
44 S tcp 10.0.3.55:3978 84.123.255.157:11346 close 12h46m40s
45 S tcp 10.0.3.55:3979 83.10.190.159:62419 close 12h46m42s
46 S tcp 10.0.3.55:3976 68.242.12.121:50278 close 12h46m42s
47 S tcp 10.0.3.55:3977 190.199.80.59:10469 close 12h46m44s
48 S tcp 10.0.3.157:1218 213.35.241.207:17144 close 12h46m44s
49 S tcp 10.0.3.157:1220 84.52.139.253:47474 close 12h46m44s
50 S tcp 10.0.3.157:1223 65.175.229.61:49362 close 12h46m47s
51 S tcp 10.0.3.55:3982 84.123.217.196:63486 close 12h46m47s
52 S tcp 10.0.3.157:1219 65.94.64.95:31105 close 12h46m48s
 
normis
MikroTik Support
Posts: 24268
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: too many close connection

Fri Jan 18, 2008 1:01 pm

It reports "close" but it is actually "established". The naming is bad, we will fix this. Only names are mixed up, everything else works fine. Thanks for reporting.
No answer to your question? How to write posts
 
pokeman
Member Candidate
Topic Author
Posts: 136
Joined: Fri Jun 05, 2009 10:52 pm

Re: too many close connection

Fri Jan 18, 2008 3:17 pm

Thx normis. What about these connections? Actually I have around 15455 connections at the moment and lots of virus attacks. What are the best practices for this condition?

1993 0 10.0.5.92 24.150.225.112 23h59m44s
1994 0 10.0.4.162 83.178.27.213 23h59m44s
1995 0 10.0.3.228 83.20.231.195 23h59m44s
1996 0 10.0.2.24 63.245.209.49 23h59m44s
1997 0 10.0.7.30 80.231.41.22 23h59m44s
1998 0 85.50.111.14 221.132.112.178 6s
1999 0 10.0.3.215 195.12.231.218 23h59m44s
2000 0 10.0.0.216 59.162.128.6 23h59m44s
2001 0 10.0.1.160 210.193.58.140 23h59m47s
2002 0 10.0.0.183 207.46.107.90 23h59m49s
2003 0 10.0.4.162 85.75.231.227 23h59m49s
2004 0 10.0.8.227 66.249.93.164 23h59m49s
2005 0 10.0.3.183 203.218.89.88 23h59m49s
2006 0 10.0.1.123 83.233.34.205 23h59m49s
2007 0 10.0.3.228 58.181.172.5 23h59m49s
2009 0 10.0.2.50 216.239.116.46 23h59m49s
2010 0 10.0.0.68 84.20.253.18 23h59m49s
2011 0 10.0.1.209 84.53.136.8 23h59m49s
2012 0 10.0.1.76 66.253.239.77 23h59m49s
2014 0 10.0.1.109 81.96.197.71 2m49s
2015 0 10.0.4.162 76.27.26.241 23h59m49s
2016 0 10.0.6.194 195.219.64.188 2m49s
2017 0 10.0.3.228 133.24.255.161 23h59m49s
2018 0 10.0.3.69 38.114.111.43 23h59m49s
2019 0 10.0.4.195 72.189.98.36 23h59m49s
2020 0 10.0.3.196 64.15.113.25 23h59m49s
2021 0 10.0.3.116 208.53.158.95 23h59m49s
2022 0 10.0.1.160 71.206.217.231 23h59m49s
2023 0 10.0.4.162 97.96.86.56 5s
2024 0 10.0.8.121 82.129.35.46 23h59m50s
2025 0 10.0.6.53 65.254.250.126 23h59m50s
2026 0 10.0.6.208 68.95.248.179 23h59m50s
 
normis
MikroTik Support
Posts: 24268
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: too many close connection

Thu Feb 21, 2008 2:42 pm

You can block the number of connections per IP, you can enable "tcp-syncookie" in connection tracking, use "tarpit" action to trap abusers. In general there is not a lot you can do against random IP mass DDoS because they come from different addresses and there is no way to tell if they are valid users or attackers. It's a big problem in the modern internet world. To learn best practices you should come to some MikroTik training classes about this topic.
No answer to your question? How to write posts
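
Before choosing a per-IP connection limit like the one suggested in the reply above, it helps to measure how many tracked connections each source holds and how widely they fan out. The Python below is an added example, not part of the thread or MikroTik's own code; it assumes the connection listing has been saved as text in the column layout posted earlier, and the sample rows and the limit of 3 are constructed.

```python
import re
from collections import defaultdict

# Constructed sample in the column layout of the listing posted in this thread:
# index, optional flags, protocol, src:port, dst:port, state, timeout.
# Remote addresses come from documentation ranges, not real hosts.
SAMPLE = """\
 9 S tcp 10.0.3.55:3794 192.0.2.6:38376 close 12h44m55s
10 S tcp 10.0.3.55:3796 198.51.100.242:54529 close 12h44m57s
11 S tcp 10.0.3.55:3797 203.0.113.114:51714 close 12h44m58s
12 S tcp 10.0.3.55:3800 192.0.2.7:16013 close 12h44m59s
23 S tcp 10.0.5.103:4255 198.51.100.103:443 close 12h45m44s
24 S tcp 10.0.5.103:4259 198.51.100.103:443 close 12h45m44s
38 tcp 10.0.3.55:3831 203.0.113.25:37580 established 12h47m26s
42 SA tcp 10.0.4.199:1735 192.0.2.49:1863 established 13h7m54s
this line is not a connection entry
"""

# Flags are upper case and protocols lower case, so the optional flags
# column cannot be confused with the protocol column.
ROW = re.compile(
    r"^\s*(?P<idx>\d+)\s+(?:(?P<flags>[A-Z]+)\s+)?(?P<proto>tcp|udp)\s+"
    r"(?P<src>\d+\.\d+\.\d+\.\d+):(?P<sport>\d+)\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+):(?P<dport>\d+)\s+"
    r"(?P<state>[a-z-]+)\s+(?P<timeout>\S+)\s*$"
)

def parse(text):
    """Yield one dict per well-formed row; any other line is skipped."""
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            yield m.groupdict()

def per_source(rows):
    """Map source IP -> (connection count, number of distinct remote IPs)."""
    conns, peers = defaultdict(int), defaultdict(set)
    for r in rows:
        conns[r["src"]] += 1
        peers[r["src"]].add(r["dst"])
    return {ip: (conns[ip], len(peers[ip])) for ip in conns}

def over_limit(stats, limit):
    """Sources holding more connections than a candidate limit, busiest first."""
    hits = [(ip, n, p) for ip, (n, p) in stats.items() if n > limit]
    return sorted(hits, key=lambda h: (-h[1], h[0]))

if __name__ == "__main__":
    for ip, n, p in over_limit(per_source(parse(SAMPLE)), limit=3):
        print(f"{ip}: {n} connections to {p} distinct remote addresses")
```

A source with many connections spread over many distinct remote addresses is a different case from one holding several connections to a single server, which is why both numbers are reported.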
 
pokeman
Member Candidate
Topic Author
Posts: 136
Joined: Fri Jun 05, 2009 10:52 pm

Re: too many close connection

Sat Feb 23, 2008 9:18 pm

Well, I think you are not here to support the issue. Previously posted my issue:
http://forum.mikrotik.com/viewtopic.php?f=2&t=21188
By the way, where is the place? I am coming in a few mins :)))))
