Why are there many invalid addresses in netstat's response?
The production server has a Java application that accepts TCP connections. At some point, they began to notice that new connections to the server could not be established, while already connected users continue to work with the service normally. This has been going on for a week or two and does not occur constantly. What looks suspicious: netstat reports a lot of 'invalid addresses' at the times when the server does not accept connections.
We tried moving the service to another server and another distribution; the situation did not change. A similar service deployed for a different audience does not suffer from such problems.
How can one tell whether this is spoofing, some kind of DDoS, or just a problem with the service?
> uname -a
Linux xxx.xxx.xxx 2.6.32-18-pve #1 SMP Mon Jan 21 12:09:05 CET 2013 x86_64 x86_64 x86_64 GNU/Linux
> cat /etc/issue
CentOS release 6.4 (Final)
Kernel \r on an \m
> netstat -s
Ip:
34710709 total packets received
189 with invalid headers
272868 with invalid addresses
0 forwarded
0 incoming packets discarded
34251161 incoming packets delivered
24456227 requests sent out
Very similar to spoofed requests. It's pretty hard to check, actually. If changing the server did not help and these requests do not eat up a lot of resources, then you can simply ignore them, because by default such packets are dropped.
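The total printed by netstat -s is cumulative since boot, so on its own it does not show whether the drops coincide with the refused connections. The following is an added example, not part of the original question or answer: it compares two snapshots of the Ip: counters in /proc/net/snmp, where InAddrErrors is the counter netstat -s prints as "with invalid addresses". The function names are hypothetical, the header is trimmed to its first columns, and the second snapshot is constructed.

```python
# Added example: does InAddrErrors ("with invalid addresses") grow during an outage?
# The first snapshot reuses the counters quoted in the question; every other
# value below is constructed for illustration.
HEADER = ("Ip: Forwarding DefaultTTL InReceives InHdrErrors InAddrErrors "
          "ForwDatagrams InUnknownProtos InDiscards InDelivers OutRequests")
BEFORE = HEADER + "\nIp: 2 64 34710709 189 272868 0 0 0 34251161 24456227\n"
AFTER = HEADER + "\nIp: 2 64 34760709 189 272918 0 0 0 34300611 24490227\n"


def parse_ip_counters(snmp_text):
    """Return the Ip: counters from /proc/net/snmp-style text as {name: int}."""
    rows = [line.split()[1:] for line in snmp_text.splitlines()
            if line.startswith("Ip:")]
    if len(rows) != 2 or len(rows[0]) != len(rows[1]):
        raise ValueError("expected one Ip: header line and one Ip: value line")
    names, values = rows
    return dict(zip(names, (int(v) for v in values)))


def interval_delta(before, after):
    """Counter growth between two snapshots plus the address-error ratio."""
    keys = ("InReceives", "InHdrErrors", "InAddrErrors", "InDelivers")
    delta = {k: after[k] - before[k] for k in keys}
    if any(v < 0 for v in delta.values()):
        # Counters only go up; a decrease means a reboot or counter reset.
        raise ValueError("counters went backwards between snapshots")
    received = delta["InReceives"]
    delta["addr_err_ratio"] = delta["InAddrErrors"] / received if received else 0.0
    return delta


def read_live():
    """Take a snapshot on a Linux host (not used by the constructed sample)."""
    with open("/proc/net/snmp") as fh:
        return parse_ip_counters(fh.read())


if __name__ == "__main__":
    print(interval_delta(parse_ip_counters(BEFORE), parse_ip_counters(AFTER)))
```

Taking one snapshot pair during normal operation and one while new connections are being refused shows whether the address-error rate actually changes in the outage window.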