RE: TCP session disconnection caused by Code Red?

I can see “connection refused” being caused by lack of resources (memory, not CPU) caused by ARP requests not being resolved and waiting to time out.

What happens is that all the outstanding ARP requests use up all available memory, so no buffers can be allocated for new incoming connections. Send enough requests fast enough, looking for enough different IPs, and memory gets exhausted.

Been there, seen it happen, tweaked the WellFleet/Bay/Nortel knob to limit the amount of space used for ARP resolution, and solved the problem caused by too many outstanding ARPs. Of course, I could have stuffed in more memory, but limiting the space used for the process was easier.

James H. Smith II NNCDS NNCSE
Systems Engineer
The Presidio Corporation

> I can see "connection refused" being caused by lack of resources (memory,
> not CPU) caused by ARP requests not being resolved and waiting to time out.

Ok, I can see that everybody is coming up with this idea. But this does not
explain why *all other* connections through this same router work just fine.
Only incoming connections from our upstream fail. And no, there were not many
outstanding ARP requests.

Blaz Zupan, Medinet d.o.o, Trzaska 85, SI-2000 Maribor, Slovenia
E-mail: blaz@amis.net, Tel: +386-2-320-6320, Fax: +386-2-320-6325