I have one ip that connects, establishes a tcp connection, but stays idle and never disconnects. I have 38 of them at this time. I thought there was a limit on connections ? How can I block this guy and or disconnect the connections. This is docker on macos.
how do you know it’s not used for something…
lots of stuff opens up multiple connections… because it takes a little extra time to create a new connection, then keeping them on hand help to reduce latency… fairly common practice in networking to my understanding…
i would be very careful before starting blocking stuff right an left if you aren’t sure what you are doing…
especially if you have production stuff like say a storagenode you want to be functioning, ofc the storagenode shouldn’t utilize a lot of other network ports rather than those specified during the install.
however does in my case run on docker which apparently creates its own subnet, / network with each docker instance having an ip and doing something on that local network… so could be stuff like that you are seeing…
Thanks for the reply but application don’t normally do that and storagenode doesn’t. There are no other addresses that keep a connection to storagenode for more than a few seconds. If it didn’t happen so slowly I would call it a DOS attack but it only adds a connection every few minutes.
Nettop shows the (and netstat) shows the connections and how much data are passed. Eventually I can get over a hundred tcp connections from this one address.