Forum Discussion
Hannes_Rapp
Mar 06, 2018Nimbostratus
Connections can be deleted as follows from the command line
tmsh delete sys connection cs-server-addr i.i.i.i cs-server-port pn
. Replace i.i.i.i
with IP address of the virtual server and pn
with port number of virtual server. This will delete all client-side connections to a particular Virtual Server.
If the connections are re-initiated, you need to do more investigation. It could be a DOS attack that aims to exhaust your connection tables. If so, consider reducing TCP idle timeout value in the profile that is applied to your Virtual Server. Alternatively, just block malicious source IP addresses at your perimeter firewall.
Sometimes poor monitoring systems can cause connection over-flooding, and sometimes security scans can do the same. But if there are 400+ unique IP addresses that are not doing any meaningful activity, it's most likely an attack.