Date: Tue, 20 May 2003 22:33:47 +0200 From: Saulius Menkevičius <razzmatazz@mail.lt> To: <freebsd-stable@freebsd.org> Subject: lots of sockets in TIME_WAIT Message-ID: <E19IDku-0000CA-Et@midway.tamsa>
next in thread | raw e-mail | index | archive | help
=09Hi there, I have some DDOS(?) attack on my router going where my apache= HTTP server is flooded with short-timed connections from some host.= This results in LOTS of sockets in TIME_WAIT/LAST_ACK/CLOSING states= and eventually I'm out of mbufs, which, consequently means I can't= even connect to the router from LAN. The kern.ipc.nmbclusters is 2560,= (I guess high enough for router with DSL connection). =09After some time all mbufs are depleted (system says "All mbuf cluster exhausted"). However, unexpectedly the system panics= shortly in about 10 minutes (+/-) with: /kernel: All mbuf cluster exhausted, please see tuning(7) /kernel: looutput: mbuf allocation failed /kernel: panic: sbappendaddr /kernel: /kernel: syncing disks.... . . =09I don't think this behaviour (a panic) is normal. This crash is= happens often when I'm under such attack and I guess I can easily= give crash dump, kgdb output or something like, if you need. =09System is running 4.8-RELEASE, on iPentium166/mmx with 64MB of= RAM. 4 NICs, BRIDGE on two of them. =09Thanks for any response.. P.S. (is there some sysctl oid for setting TIME_WAIT duration?) -- Saulius Menkevicius, razzmatazz@mail.lt on 05.20.2003
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?E19IDku-0000CA-Et>