From owner-freebsd-stable@FreeBSD.ORG  Wed Aug 20 13:07:56 2003
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
Delivered-To: freebsd-stable@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 357F816A4BF
	for <stable@freebsd.org>; Wed, 20 Aug 2003 13:07:56 -0700 (PDT)
Received: from mizar.origin-it.net (mizar.origin-it.net [194.8.96.234])
	by mx1.FreeBSD.org (Postfix) with ESMTP id B3ADE43FBD
	for <stable@freebsd.org>; Wed, 20 Aug 2003 13:07:54 -0700 (PDT)
	(envelope-from Helge.Oldach@atosorigin.com)
Received: from matar.hbg.de.int.atosorigin.com (dehsfw3e.origin-it.net
	[194.8.96.68])h7KK7qKt005786
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO);
	Wed, 20 Aug 2003 22:07:52 +0200 (CEST)
	(envelope-from Helge.Oldach@atosorigin.com)
Received: from dehhx004.hbg.de.int.atosorigin.com
	(dehhx004.hbg.de.int.atosorigin.com [161.90.164.40])
	ESMTP id h7KK7qK7071244;	Wed, 20 Aug 2003 22:07:52 +0200 (CEST)
	(envelope-from Helge.Oldach@atosorigin.com)
Received: by dehhx004.hbg.de.int.atosorigin.com with Internet Mail Service
	(5.5.2653.19)	id <QBQSV1GS>; Wed, 20 Aug 2003 22:07:52 +0200
Message-ID: <D2CFC58E0F8CB443B54BE72201E8916E94C9E1@dehhx005.hbg.de.int.atosorigin.com>
From: "Oldach, Helge" <Helge.Oldach@atosorigin.com>
To: "'tarkhil@over.ru'" <tarkhil@over.ru>, stable@freebsd.org
Date: Wed, 20 Aug 2003 22:07:43 +0200
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="iso-8859-1"
Subject: RE: Strange fork-related problem: acutally, virus-related
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Production branch of FreeBSD source code
	<freebsd-stable.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
	<mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
	<mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 20 Aug 2003 20:07:56 -0000

From: tarkhil@over.ru [mailto:tarkhil@over.ru]
> On Wed, Aug 20, 2003 at 01:12:51PM +0400, tarkhil@over.ru wrote:
> > 10-20 minutes of work. New processes doesn't create anymore, process
trying
> > to fork looks in top having -20 PRI and "temp" STATE. I was unable to
find
> 
> I've got infected computers in my network. When ipnat mapping 
> table grew to
> 39000+ entries, described effect appeared. 
> 
> Anyway, it should not behave that way.

Should it? Worms are known to be a NAT killer on dedicated routing
platforms. I am
facing customers every other day complaining about their Cisco router
performance
which usually turns out to be caused by virii. (In particular these days.)

Sure it shouldn't be, but that's fighting the symptom, not the root cause.

Helge