Need Help My Server Got so many CLOSE_WAIT Connections

I need help because my linux ubuntu server are getting too many SQL connections, and when I checked using netstat -t there are many connections like these:

tcp6 1 0 CLOSE_WAIT 
tcp6 1 0 CLOSE_WAIT 
tcp6 1 0 CLOSE_WAIT 
tcp6 0 0 157-171-172-163.r:44102 CLOSE_WAIT 
tcp6 0 0 vmi80876.contabo.:46980 CLOSE_WAIT 
tcp6 0 531 LAST_ACK 
tcp6 0 0 CLOSE_WAIT 
tcp6 1 0 157-171-172-163.r:36082 CLOSE_WAIT 
tcp6 0 0 157-171-172-163.r:33698 CLOSE_WAIT 
tcp6 0 0 157-171-172-163.r:59778 CLOSE_WAIT 
tcp6 0 0 157-171-172-163.r:51166 CLOSE_WAIT 
tcp6 0 0 vmi80876.contabo.:49693 CLOSE_WAIT 
tcp6 0 0 CLOSE_WAIT 
tcp6 1 0 157-171-172-163.r:53266 CLOSE_WAIT 
tcp6 0 639 LAST_ACK 
tcp6 1 0 CLOSE_WAIT 

and still hundreds or more like that

And no matter how many times I restarted the server or disconnect and reconnect. Those strage connections keeps appearing and appearing again.

Here’s what I’ve tried:
– I cannot block those incoming connections from linux firewall because everytime I want to block them, there are errors such as “157-171-172-163.r not found” Then how in the world I can block this IPs from trying to connect to my server?
– I cannot kill those process on MySQL Workbench because there are errors “Cannot kill threads 0” or something like that

[Update] Other helpful advice from other forum point that this might be SYN Flood Attack


You are being down-voted because you have not taken the time to research the technologies that you are trying to troubleshoot. Effectively, if you don’t take the time, why should we take time to help you?

A TCP socket in CLOSE_WAIT state means that your server has received a request to close a connection (FIN) from a client and the server has sent an Acknowledgement (ACK) in response. In the CLOSE_WAIT state, the TCP stack is waiting on the application to indicate that it is finished with the connection, at which point a FIN can be sent by the server and the socket transition to the LAST_ACK state.

Now, if you are seeing each CLOSE_WAIT socket hang around for a while, then that indicates that your webserver is not able to release connections fast enough. If the CLOSE_WAIT requests disappear quickly, then you probably just have a lot of web traffic on your server. Blanket blocking IP addresses from reaching your (publicly available) web server just because you don’t understand how something works seems a bit silly.

Source : Link , Question Author : pasaisea , Answer Author : Mark Riddell

Leave a Comment