Date: Tue, 20 May 2003 22:33:47 +0200 From: Saulius Menkevičius <razzmatazz@mail.lt> To: <freebsd-stable@freebsd.org> Subject: lots of sockets in TIME_WAIT Message-ID: <E19IDku-0000CA-Et@midway.tamsa>
next in thread | raw e-mail | index | archive | help
Hi there, I have some DDOS(?) attack on my router going where my apache HTTP server is flooded with short-timed connections from some host. This results in LOTS of sockets in TIME_WAIT/LAST_ACK/CLOSING states and eventually I'm out of mbufs, which, consequently means I can't even connect to the router from LAN. The kern.ipc.nmbclusters is 2560, (I guess high enough for router with DSL connection). After some time all mbufs are depleted (system says "All mbuf cluster exhausted"). However, unexpectedly the system panics shortly in about 10 minutes (+/-) with: /kernel: All mbuf cluster exhausted, please see tuning(7) /kernel: looutput: mbuf allocation failed /kernel: panic: sbappendaddr /kernel: /kernel: syncing disks.... . . I don't think this behaviour (a panic) is normal. This crash is happens often when I'm under such attack and I guess I can easily give crash dump, kgdb output or something like, if you need. System is running 4.8-RELEASE, on iPentium166/mmx with 64MB of RAM. 4 NICs, BRIDGE on two of them. Thanks for any response.. P.S. (is there some sysctl oid for setting TIME_WAIT duration?) -- Saulius Menkevicius, razzmatazz@mail.lt on 05.20.2003
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?E19IDku-0000CA-Et>