http://www.frozentux.net/ipsysctl-tutorial/chunkyhtml/tcpvariables.html

I know this isn't the lightest of reading, but sometimes TCP/IP can do some mighty odd things.

The "root cause" might be attackers doing some SYN attack, or it could be "bad code" - not necessarily even badly written code, just code that's in place which you might not realize is in place. Ajax for example.

So, with the following knowledge in hand, one might try tweaking tcp settings by first reviewing, then changing, various settings in the pseudo-files in /proc/sys/net/core/ and /proc/sys/net/ipv4/ such as tcp_fin_timeout

# cat /proc/sys/net/ipv4/tcp_fin_timeout 60 # echo "15" > /proc/sys/net/ipv4/tcp_fin_timeout # cat /proc/sys/net/ipv4/tcp_fin_timeout 15

Remember - any changes you make to settings in /proc/sys/net will go live instantly, but they're transient - they'll be lost if you reboot.

You will want to google the various terms above for additional info. Results like the following are awesome, providing recommendations for which things to focus on:

Topic revision: r2 - 2012.11.07 - PaulReiber
 
Copyright © is by author. All material on this collaboration platform is the property of its contributing author.