
sshd opening thousands of connections

lucideous asked
When I start sshd on my Linux server I am having thousands of connections opened. This in turn is overwhelming my firewall and causing web requests to be denied. When I stop sshd all of the connections go away and the site operates as normal. Below is an example of the thousands of lines that appear when I run a netstat -ao.

This is my first post here so if I am missing details I apologize in advance and would be more than happy to provide any details requested.

Thanks in advance for your assistance.
tcp        0      0 mydomain.com:ssh           72.d4.1343.static.the:17923 TIME_WAIT   timewait (49.01/0/0)
tcp        0      0 mydomain.com:ssh           72.d4.1343.static.the:18179 TIME_WAIT   timewait (43.08/0/0)
tcp        0      0 mydomain.com:ssh           72.d4.1343.static.the:18944 FIN_WAIT2   timewait (51.41/0/0)
tcp        0      0 mydomain.com:ssh           72.d4.1343.static.the:18688 TIME_WAIT   timewait (43.52/0/0)
tcp        0      0 mydomain.com:ssh           72.d4.1343.static.the:18432 TIME_WAIT   timewait (49.14/0/0)
tcp        0      0 mydomain.com:ssh           72.d4.1343.static.the:17152 TIME_WAIT   timewait (30.96/0/0)
tcp        0      0 mydomain.com:ssh           72.d4.1343.static.the:16896 TIME_WAIT   timewait (30.90/0/0)
tcp        0      0 mydomain.com:ssh           72.d4.1343.static.the:18176 TIME_WAIT   timewait (49.07/0/0)
tcp        0      0 mydomain.com:ssh           72.d4.1343.static.the:17920 TIME_WAIT   timewait (49.00/0/0)
tcp        0      0 mydomain.com:ssh           72.d4.1343.static.the:17408 TIME_WAIT   timewait (31.01/0/0)
tcp        0      0 mydomain.com:ssh           72.d4.1343.static.the:18945 FIN_WAIT2   timewait (51.44/0/0)
tcp        0      0 mydomain.com:ssh           72.d4.1343.static.the:18433 TIME_WAIT   timewait (43.13/0/0)
tcp        0      0 mydomain.com:ssh           72.d4.1343.static.the:18689 TIME_WAIT   timewait (40.21/0/0)
tcp        0      0 mydomain.com:ssh           72.d4.1343.static.the:16897 TIME_WAIT   timewait (6.89/0/0)
tcp        0      0 mydomain.com:ssh           72.d4.1343.static.the:17153 TIME_WAIT   timewait (30.89/0/0)
tcp        0      0 mydomain.com:ssh           72.d4.1343.static.the:17921 TIME_WAIT   timewait (42.94/0/0)


Top Expert 2005
Commented:
It looks like somebody is trying a simple DoS from the 72.d4.1343.static.the... address.
Run netstat -an
to get the real IP. Block it in your firewall, get the party responsible for the IP from the www.ripe.net whois, and report the abuse.
Also read http://www.linux-noob.com/forums/index.php?showtopic=1829
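
Added example, not part of the original answer: a small shell function that tallies connections to the local SSH port per remote IP from numeric `netstat -an` output, so the address to block stands out. The function name `ssh_sources_over`, the threshold and the sample rows (documentation-range addresses) are constructed for illustration.

```shell
#!/bin/sh
# ssh_sources_over THRESHOLD [PORT]
# Reads `netstat -an` output on stdin and prints "COUNT IP" for every remote
# address holding at least THRESHOLD connections (any TCP state, including
# TIME_WAIT and FIN_WAIT2) to local PORT (default 22), busiest first.
ssh_sources_over() {
    threshold=$1
    port=${2:-22}
    awk -v port="$port" -v min="$threshold" '
        # TCP rows: proto recv-q send-q local-addr remote-addr state ...
        $1 ~ /^tcp/ && NF >= 6 {
            if ($6 == "LISTEN") next
            lport = $4; sub(/.*:/, "", lport)      # text after the last ":"
            if (lport != port) next
            rip = $5; sub(/:[^:]*$/, "", rip)      # drop the remote port
            sub(/^::ffff:/, "", rip)               # IPv4-mapped IPv6 -> IPv4
            count[rip]++
        }
        END {
            for (ip in count)
                if (count[ip] >= min) print count[ip], ip
        }
    ' | sort -rn
}

# Constructed sample in the `netstat -an` column layout (not real traffic).
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:22           203.0.113.7:17923       TIME_WAIT
tcp        0      0 192.0.2.10:22           203.0.113.7:18179       TIME_WAIT
tcp        0      0 192.0.2.10:22           203.0.113.7:18944       FIN_WAIT2
tcp        0      0 192.0.2.10:22           203.0.113.7:18688       TIME_WAIT
tcp        0      0 192.0.2.10:22           198.51.100.4:50212      ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.7:40000       ESTABLISHED
tcp6       0      0 ::ffff:192.0.2.10:22    ::ffff:203.0.113.7:19001 TIME_WAIT
EOF
}

# On a live host: netstat -an | ssh_sources_over 20
sample_netstat | ssh_sources_over 3
```

The count deliberately includes TIME_WAIT and FIN_WAIT2 rows, since those are what fill the table in the question's output.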

Author

Commented:
Thanks - this is the issue.  I have a new problem now.  I will post a new question.  Thank you so much.
