Hey,
I am using sfs 1.5.5 and recently the sockets connected count on my admin tool has been really high. I'm talking like 15000 sockets connected for 900 users. Any ideas on what might be causing this? Could someone be trying to attack the server? Can there be any adverse effects of a really high sockets connected count?
Thanks,
Blank_101
Excessively High Sockets Connected Count
1. If you have a very high maxIdleTime value in your config the server won't auto-disconnect users.
2. You can use the IP filter to avoid too many connections from 1 single IP, by default this is set to 10
3. 15k connections will suck resources on your server machine and if the actual number of users is only 900, it would be better to avoid that.
You can better inspect what's going on by running netstat from a Windows console or Linux/Unix terminal
Ok, it's been a little while now and I've tried playing with all these settings.
I've done some searching using the netstat tool and found that sfs is receiving hundreds of connections from a select few IP addresses. To me this looks malicious. I want to filter the amount of connections from a single IP address so that once a socket request comes in for the 21st connection it will be refused completely.
Lapo wrote: 1. If you have a very high maxIdleTime value in your config the server won't auto-disconnect users.
Max user idle time is 180 seconds.
Lapo wrote: 2. You can use the IP filter to avoid too many connections from 1 single IP, by default this is set to 10
The IP filter is set to 20. How does the IP filter work exactly? Personally, I am able to open 21+ connections through telnet.
What you see in the netstat output is definitely happening at a lower level than the JVM. The IP filter works by refusing more than the specified number of connections but it doesn't have control over the TCP layer which is managed by the OS.
If you need such a level of control you should set up a hardware or software firewall (i.e. iptables under Unix/Linux)
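Added example, not part of the original posts: a shell function for the netstat check discussed in this thread, counting established connections per remote IP on the server port and listing the IPs above the limit. The port 9339, the function names and the sample lines are assumptions made for the example; the sample data is constructed.

```shell
#!/bin/sh
# Added example: list remote IPs holding more than LIMIT established TCP
# connections to one local port, from `netstat -ant` / `netstat -an` text.
# Handles the Linux (6-column) and Windows (4-column) layouts; the last
# three fields are always local address, remote address, state.

over_limit() {   # usage: netstat -ant | over_limit PORT LIMIT
    awk -v port="$1" -v limit="$2" '
        { sub(/\r$/, "") }                       # tolerate Windows line ends
        toupper($1) !~ /^TCP/ || NF < 4 { next } # skip headers, UDP, unix sockets
        $NF != "ESTABLISHED"            { next } # ignore LISTEN, TIME_WAIT, ...
        {
            n = split($(NF-2), l, ":")           # local port = last ":" field
            if (l[n] != port) next
            raddr = $(NF-1)
            sub(/:[0-9]+$/, "", raddr)           # drop the remote port
            count[raddr]++
        }
        END {
            for (ip in count)
                if (count[ip] > limit) printf "%d %s\n", count[ip], ip
        }' | sort -k1,1nr -k2,2
}

sample_netstat() {   # constructed data; addresses are documentation ranges
    echo "Proto Recv-Q Send-Q Local Address           Foreign Address         State"
    echo "tcp        0      0 0.0.0.0:9339            0.0.0.0:*               LISTEN"
    i=0
    while [ "$i" -lt 25 ]; do   # one client holding 25 sockets
        echo "tcp        0      0 192.0.2.10:9339         198.51.100.7:$((40000 + i))      ESTABLISHED"
        i=$((i + 1))
    done
    echo "tcp        0      0 192.0.2.10:9339         203.0.113.9:50001       ESTABLISHED"
    echo "tcp        0      0 192.0.2.10:9339         203.0.113.9:50002       TIME_WAIT"
    echo "tcp        0      0 192.0.2.10:22           198.51.100.7:50500      ESTABLISHED"
    echo "  TCP    192.0.2.10:9339        203.0.113.9:50003      ESTABLISHED"
}

# 9339 is an assumed listening port and 20 is the limit from the thread.
sample_netstat | over_limit 9339 20    # prints: 25 198.51.100.7
```

To refuse the extra connections at the TCP layer, as the last reply suggests, iptables has a connlimit match, for example `iptables -A INPUT -p tcp --syn --dport 9339 -m connlimit --connlimit-above 20 -j REJECT --reject-with tcp-reset` (port again assumed).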