Date: Sat, 18 Aug 2001 12:45:38 -0400 From: Jan Knepper <jan@digitaldaemon.com> To: "Michael C. Wu" <keichii@iteration.net> Cc: FreeBSD ISP <FreeBSD-ISP@freebsd.org> Subject: Re: slashdotted: /kernel: xl0: no memory for rx list -- packet dropped! Message-ID: <3B7E9BB2.4040709@digitaldaemon.com> References: <B7A3FE84.F61%keichii@iteration.net>
next in thread | previous in thread | raw e-mail | index | archive | help
--------------080205020404080505060208
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
>
>
>>tcp4 0 15360 63.105.9.61.20 193.124.148.213.1598 LAST_ACK
>>tcp4 0 15360 63.105.9.61.20 193.124.148.213.1597 LAST_ACK
>>tcp4 0 15360 63.105.9.61.20 193.124.148.213.1556 LAST_ACK
>>tcp4 0 15360 63.105.9.61.20 193.124.148.213.1553 LAST_ACK
>>tcp4 0 15360 63.105.9.61.20 203.195.181.4.1440 LAST_ACK
>>
>>I am sure this has been in there the last at least 24 hours and I can
>>see nothing is happening. I suspect that this is because of the no
>>memory for rx list, but I am not quite sure. I was kinda a cool feeling
>>though that FreeBSD didn't give up, but still runs!!!
>>
>I think you might have been attacked by a well-known attack, simply named
>the LAST_ACK attack. It puts our TCP state machine into whack by not
>sending the proper TCP states. There is no way around it.
>
<grrr>
It there a way to find out when these connections where setup? Or how
long they have been open?
>>Is there anyway to clean this up without having to reboot the system?
>>
>I don't know. :)
>
Is there somebody who does/might?
Jan
--------------080205020404080505060208
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit
<html>
<head>
</head>
<body>
<blockquote type="cite" cite="mid:B7A3FE84.F61%25keichii@iteration.net">
<blockquote type="cite">
<pre wrap="">tcp4 0 15360 63.105.9.61.20 193.124.148.213.1598 LAST_ACK<br>tcp4 0 15360 63.105.9.61.20 193.124.148.213.1597 LAST_ACK<br>tcp4 0 15360 63.105.9.61.20 193.124.148.213.1556 LAST_ACK<br>tcp4 0 15360 63.105.9.61.20 193.124.148.213.1553 LAST_ACK<br>tcp4 0 15360 63.105.9.61.20 203.195.181.4.1440 LAST_ACK<br><br>I am sure this has been in there the last at least 24 hours and I can<br>see nothing is happening. I suspect that this is because of the no<br>memory for rx list, but I am not quite sure. I was kinda a cool feeling<br>though that FreeBSD didn't give up, but still runs!!!<br></pre>
</blockquote>
<pre wrap=""><!---->I think you might have been attacked by a well-known attack, simply named<br>the LAST_ACK attack. It puts our TCP state machine into whack by not<br>sending the proper TCP states. There is no way around it.</pre>
</blockquote>
<grrr><br>
It there a way to find out when these connections where setup? Or how long
they have been open?<br>
<blockquote type="cite" cite="mid:B7A3FE84.F61%25keichii@iteration.net">
<blockquote type="cite">
<pre wrap="">Is there anyway to clean this up without having to reboot the system?<br></pre>
</blockquote>
<pre wrap=""><!---->I don't know. :)<br></pre>
</blockquote>
Is there somebody who does/might?<br>
<br>
Jan<br>
<br>
</body>
</html>
--------------080205020404080505060208--
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3B7E9BB2.4040709>