Date: Wed, 21 May 2003 10:03:08 +0800 From: Eugene Grosbein <eugen@kuzbass.ru> To: "Saulius Menkevičius" <razzmatazz@mail.lt> Cc: net@freebsd.org Subject: Re: lots of sockets in TIME_WAIT Message-ID: <3ECADE5C.EC1A2630@kuzbass.ru> References: <E19IDku-0000CA-Et@midway.tamsa>
next in thread | previous in thread | raw e-mail | index | archive | help
"Saulius Menkevičius" wrote: > > Hi there, > > I have some DDOS(?) attack on my router going where my apache HTTP > server is flooded with short-timed connections from some host. This > results in LOTS of sockets in TIME_WAIT/LAST_ACK/CLOSING states and > eventually I'm out of mbufs, which, consequently means I can't even > connect to the router from LAN. The kern.ipc.nmbclusters is 2560, (I > guess high enough for router with DSL connection). > After some time all mbufs are depleted (system says "All mbuf > cluster exhausted"). However, unexpectedly the system panics shortly > in about 10 minutes (+/-) with: > /kernel: All mbuf cluster exhausted, please see tuning(7) > /kernel: looutput: mbuf allocation failed > /kernel: panic: sbappendaddr > /kernel: > /kernel: syncing disks.... > . > . > I don't think this behaviour (a panic) is normal. This crash is > happens often when I'm under such attack and I guess I can easily > give crash dump, kgdb output or something like, if you need. > System is running 4.8-RELEASE, on iPentium166/mmx with 64MB of RAM. > 4 NICs, BRIDGE on two of them. > > Thanks for any response.. I agree with you. I've got crashdump for mbuf-related kernel panic (sbappendaddr), see http://www.FreeBSD.org/cgi/query-pr.cgi?pr=kern/50803 I believe a kernel must not panic due to DoS. Eugene Grosbein
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3ECADE5C.EC1A2630>