Solaris 10 with Weblogic : High TCP connect timeout rate

sunhux
sunhux used Ask the Experts™
on
Our Solaris 10 server running Weblogic are getting thousands of messages below:
Intermittently the OS would freeze:  no core/crash dumps found.

Does this require a WL or Solaris patch or certain TCP tuning?  


Feb  5 06:17:27 VGUV30 ip: [ID 995438 kern.warning] WARNING: High TCP connect timeout rate! System (port 8080) may be under a SYN flood attack!
Feb  5 12:13:03 VGUV30 ip: [ID 995438 kern.warning] WARNING: High TCP connect timeout rate! System (port 8080) may be under a SYN flood attack!
Feb  6 10:28:25 VGUV30 ip: [ID 995438 kern.warning] WARNING: High TCP connect timeout rate! System (port 8080) may be under a SYN flood attack!
Feb  6 11:56:35 VGUV30 ip: [ID 995438 kern.warning] WARNING: High TCP connect timeout rate! System (port 8080) may be under a SYN flood attack!
Feb  7 21:57:33 VGUV30 ip: [ID 995438 kern.warning] WARNING: High TCP connect timeout rate! System (port 8080) may be under a SYN flood attack!
Feb  7 22:06:34 VGUV30 ip: [ID 995438 kern.warning] WARNING: High TCP connect timeout rate! System (port 8080) may be under a SYN flood attack!
Feb  8 04:24:08 VGUV30 ip: [ID 995438 kern.warning] WARNING: High TCP connect timeout rate! System (port 8080) may be under a SYN flood attack!
Feb  9 21:28:25 VGUV30 ip: [ID 995438 kern.warning] WARNING: High TCP connect timeout rate! System (port 8080) may be under a SYN flood attack!
Feb  9 22:12:10 VGUV30 ip: [ID 995438 kern.warning] WARNING: High TCP connect timeout rate! System (port 8080) may be under a SYN flood attack!
Jan 27 10:44:37 VGUV30 ip: [ID 995438 kern.warning] WARNING: High TCP connect timeout rate! System (port 8080) may be under a SYN flood attack!
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®

Author

Commented:
I don't have access to Oracle portal to download patch 119999 so guess I have to tune the parameter
  https://download.oracle.com/sunalerts/1000654.1.html

Author

Commented:
showrev -p   indicates we already have 119999-03 patch installed.

So had to look to other options to fix this:
do provide specific commands (ndd -set   ...)
Fractional CTO
Distinguished Expert 2018
Commented:
Seems like whatever is listening on port 8080 is either slow or dead.

Take a look at your connections + make sure you have an 8080 listener + then load test whatever this listener might be to determine the problem.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial