From owner-freebsd-current@FreeBSD.ORG Wed Oct 6 06:03:39 2004
Message-ID: <044d01c4ab6a$4b1f44c0$0500a8c0@home>
From: "freebsd"
References: <20041006041104.GK15774@atlantis.ccs.neu.edu>
Date: Tue, 5 Oct 2004 23:04:08 -0700
Subject: BETA6 kern.maxfiles messages
List-Id: Discussions about the use of FreeBSD-current

I'm suspicious someone was trying to probe or DoS this server, but if there is some other possible explanation, and since I have only seen this on a 5.3 BETA box, I thought I would post it here. It looks to me like someone was trying to do a small DoS attack perhaps? Today I had these messages in dmesg.today:

kern.maxfiles limit exceeded by uid 70, please see tuning(7).
kern.maxfiles limit exceeded by uid 88, please see tuning(7).
......................

The offending processes are:

# ps 88
PID  TT  STAT      TIME COMMAND
 88  ??  IL     0:00.00 [nfsiod 3]
# ps 70
PID  TT  STAT      TIME COMMAND
 70  ??  WL     0:08.60 [swi3: cambio]

This is what kern.maxfiles looks like under normal operation. This server doesn't vary that much in traffic and these numbers shouldn't go up or down too much. I have apache/mod_perl and postgresql running and that is about it. Maybe a little bit of variation in maxfiles is normal, but I can't think of what would open up almost 12,000 extra files.

# sysctl kern.maxfiles
kern.maxfiles: 12328
# sysctl kern.openfiles
kern.openfiles: 492
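
Added example, not part of the original post and not FreeBSD project code: a sh triage script for the messages quoted above. It tallies the "limit exceeded" lines per uid, resolves each uid (the number the kernel message reports is a user id) against a passwd(5)-format file, and computes how full the file table is; the log lines, the account name svc_a and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage "kern.maxfiles limit exceeded" kernel messages.

# Tally messages per uid: log text on stdin, "uid count" lines on stdout.
maxfiles_uids() {
    sed -n 's/.*kern\.maxfiles limit exceeded by uid \([0-9][0-9]*\),.*/\1/p' |
        sort -n | uniq -c | awk '{ print $2, $1 }'
}

# Resolve a uid to an account name from a passwd(5)-format file
# ($2, default /etc/passwd); prints "unknown" when no entry matches.
uid_name() {
    awk -F: -v uid="$1" '$3 == uid { print $1; found = 1; exit }
        END { if (!found) print "unknown" }' "${2:-/etc/passwd}"
}

# Integer percentage of the system-wide file table in use.
# On the host: fd_usage_pct "$(sysctl -n kern.openfiles)" "$(sysctl -n kern.maxfiles)"
fd_usage_pct() {
    echo $(( $1 * 100 / $2 ))
}

# One line per uid seen in the log: $1 = log file, $2 = passwd file.
report() {
    maxfiles_uids < "$1" | while read -r uid count; do
        echo "uid $uid ($(uid_name "$uid" "$2")): $count message(s)"
    done
}

# Constructed sample input (hypothetical account name, not from the post).
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/dmesg" <<'EOF'
kern.maxfiles limit exceeded by uid 70, please see tuning(7).
em0: link state changed to UP
kern.maxfiles limit exceeded by uid 88, please see tuning(7).
kern.maxfiles limit exceeded by uid 70, please see tuning(7).
EOF
cat > "$SAMPLE_DIR/passwd" <<'EOF'
root:*:0:0:constructed:/root:/bin/sh
svc_a:*:70:70:constructed service account:/nonexistent:/usr/sbin/nologin
EOF

report "$SAMPLE_DIR/dmesg" "$SAMPLE_DIR/passwd"
echo "file table in use: $(fd_usage_pct 492 12328)%"   # figures quoted in the post
```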