Date: Tue, 20 May 2003 13:18:04 -0700 (PDT) From: Doug White <dwhite@gumbysoft.com> To: =?X-UNKNOWN?Q?Saulius_Menkevi=E8ius?= <razzmatazz@mail.lt> Cc: freebsd-stable@freebsd.org Subject: Re: lots of sockets in TIME_WAIT Message-ID: <20030520131538.M9634@carver.gumbysoft.com> In-Reply-To: <E19IDku-0000CA-Et@midway.tamsa> References: <E19IDku-0000CA-Et@midway.tamsa>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 20 May 2003, Saulius Menkevi=E8ius wrote: > I have some DDOS(?) attack on my router going where my apache HTTP > server is flooded with short-timed connections from some host. This > results in LOTS of sockets in TIME_WAIT/LAST_ACK/CLOSING states and > eventually I'm out of mbufs, which, consequently means I can't even > connect to the router from LAN. The kern.ipc.nmbclusters is 2560, (I > guess high enough for router with DSL connection). TIME_WAIT is normal for a server. LAST_ACK/CLOSING looks like packet loss. Is your outbound link overloaded normally, or from the DoS? Can you block the host? :) > =09After some time all mbufs are depleted (system says "All mbuf > cluster exhausted"). However, unexpectedly the system panics shortly > in about 10 minutes (+/-) with: Then increase the mbufs & clusters. Did you read the tuning man page? --=20 Doug White | FreeBSD: The Power to Serve dwhite@gumbysoft.com | www.FreeBSD.org
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030520131538.M9634>