Sunday, February 7, 2010

Deactivating service ftp due to excessive incoming connections

SkyHi @ Sunday, February 07, 2010
ERROR:
Feb  7 12:44:18 web xinetd[28330]: Deactivating service ftp due to excessive incoming connections.  Restarting in 30 seconds.
Feb  7 12:44:18 web proftpd[21228]: web.example.com (23.4.3.5[23.4.3.5]) - FTP session closed.
Feb  7 12:44:18 web proftpd[21232]: web.example.com (23.4.3.5[23.4.3.5]) - FTP session closed.
Feb  7 12:44:18 web proftpd[21230]: web.example.com (23.4.3.5[23.4.3.5]) - FTP session closed.
Feb  7 12:44:18 web proftpd[21231]: web.example.com(23.4.3.5[23.4.3.5]) - FTP session closed.
Feb  7 12:44:28 web proftpd[21229]: logs.example.com (23.4.3.5[23.4.3.5]) - FTP session opened.
Feb  7 12:44:28 web proftpd[21229]: logs.example.com(23.4.3.5[23.4.3.5]) - FTP session closed.
Feb  7 12:44:48 web xinetd[28330]: Activating service ftp

Answer:
Exact Error Message
xinetd[1225]: Deactivating service bpcd due to excessive incoming connections. Restarting in 30 seconds.

Details:
Overview:
By default, RedHat servers are configured to accept 25 incoming connections per second. If the number of incoming connections exceeds 25 per second, the service will be temporarily disabled. The cps directive in the /etc/xinetd.conf file dictates how many connections per second are allowed and the number of seconds to elapse before re-enabling the service.

Troubleshooting:
Check /var/log/messages for any error messages, and check the cps setting in the /etc/xinetd.conf file.

Log Files:
The /var/log/messages file will show the error:
xinetd[1225]: Deactivating service bpcd due to excessive incoming connections. Restarting in 30 seconds.

Resolution:
Increase the number of connections per second allowed by xinetd.

To increase the number of connections per second allowed by xinetd, edit the /etc/xinetd.conf file. In the following example, the number of incoming connections per second has been increased from the default of 25 to 35 (the cps line).

#
# Simple configuration file for xinetd
#
# Some defaults, and include /etc/xinetd.d/

defaults
{
       instances       = 60
       log_type        = SYSLOG authpriv
       log_on_success  = HOST PID
       log_on_failure  = HOST
       cps             = 35 30
}

includedir /etc/xinetd.d

It will be necessary to restart xinetd for the changes to take effect.
# /etc/rc.d/init.d/xinetd restart


=====================================================================
=====================================================================

cps
This sets yet a third limitation on the connection rate: if xinetd receives too many connections from one source within a one-second period, it considers something wrong (such as an attack) and will disable the service for a short period with a message in the logfile:

Jan 9 14:20:15 evolinux xinetd[2622]: Deactivating service gds_db due to excessive incoming connections. Restarting in 30 seconds.
We set the value 200 5, which disables the service for 5 seconds if 200 connections arrive per second.
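
Before raising cps, it helps to see which source addresses opened sessions just before xinetd disabled the service. The following is an added example, not taken from the original post or its references, that correlates the xinetd and proftpd log lines shown above. The sample log is constructed, and the 5-second window, the year and the function names are assumptions.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample in the syslog format shown above; addresses are documentation ranges.
SAMPLE_LOG = """\
Feb  7 12:40:00 web proftpd[21001]: web.example.com (198.51.100.20[198.51.100.20]) - FTP session opened.
Feb  7 12:44:17 web proftpd[21228]: web.example.com (203.0.113.9[203.0.113.9]) - FTP session opened.
Feb  7 12:44:17 web proftpd[21229]: web.example.com (203.0.113.9[203.0.113.9]) - FTP session opened.
Feb  7 12:44:18 web proftpd[21230]: web.example.com(203.0.113.9[203.0.113.9]) - FTP session opened.
Feb  7 12:44:18 web proftpd[21231]: web.example.com (198.51.100.20[198.51.100.20]) - FTP session opened.
Feb  7 12:44:18 web xinetd[28330]: Deactivating service ftp due to excessive incoming connections.  Restarting in 30 seconds.
Feb  7 12:44:48 web xinetd[28330]: Activating service ftp
"""

STAMP = r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ "
TRIP = re.compile(STAMP + r"xinetd\[\d+\]: Deactivating service (\S+) due to excessive incoming connections")
OPENED = re.compile(STAMP + r"proftpd\[\d+\]: .*\[([^\]]+)\]\) - FTP session opened")

def parse_time(stamp, year=2010):
    # Syslog timestamps carry no year, so the caller supplies one (assumption: 2010).
    return datetime.strptime(f"{year} {' '.join(stamp.split())}", "%Y %b %d %H:%M:%S")

def throttle_report(log_text, window_seconds=5):
    """For each cps trip, count FTP sessions opened per source address in the preceding window."""
    opened, trips = [], []
    for line in log_text.splitlines():
        if m := OPENED.match(line):
            opened.append((parse_time(m.group(1)), m.group(2)))
        elif m := TRIP.match(line):
            trips.append((parse_time(m.group(1)), m.group(2)))
    report = []
    for when, service in trips:
        start = when - timedelta(seconds=window_seconds)
        sources = Counter(addr for t, addr in opened if start <= t <= when)
        report.append((when, service, sources.most_common()))
    return report

if __name__ == "__main__":
    for when, service, sources in throttle_report(SAMPLE_LOG):
        print(f"{when:%b %d %H:%M:%S} {service} disabled; sessions opened in prior window:")
        for addr, count in sources:
            print(f"  {addr}: {count}")
```

If one address accounts for most of the sessions in the window, the trip points at that client rather than at a limit that is too low for normal load.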

REFERENCE
http://seer.entsupport.symantec.com/docs/275357.htm
http://unixwiz.net/evo/evo-linuxdb-setup.html