Hi, I'm getting a lot of CLOSE_WAIT state which seems to be due to DoS attacks which renders our tcp/ip application service unusable after some time, and I have to restart the service from time to time just to brush off these connections with a CLOSE_WAIT status. The service only allows a limited amount of connections and can no longer service more connections until the CLOSE_WAIT tcp connections is closed.
Is there a way in IPFilter to close connections with CLOSE_WAIT state instead of using 'ndd -set /dev/tcp tcp_time_wait_interval' in solaris? I have set the value for only 60 seconds but seems, this does not work and I could still see a CLOSE_WAIT even if there's no longer any tcp activity. Best Regards, -- Jimmy Lim IT Operation & Support Team Leader Tricom
