From owner-freebsd-questions  Sun May 17 15:21:09 1998
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id PAA01520
          for freebsd-questions-outgoing; Sun, 17 May 1998 15:21:09 -0700 (PDT)
          (envelope-from owner-freebsd-questions@FreeBSD.ORG)
Received: from caladan.tdx.co.uk (caladan.tdx.co.uk [195.188.177.4])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id PAA01403
          for <freebsd-questions@FreeBSD.ORG>; Sun, 17 May 1998 15:20:49 -0700 (PDT)
          (envelope-from kpielorz@tdx.co.uk)
Received: from tdx.co.uk (lorca-tx.tdx.co.uk [195.188.177.242])
	by caladan.tdx.co.uk (8.8.8/8.8.8) with ESMTP id WAA13995;
	Sun, 17 May 1998 22:38:57 +0100 (BST)
	(envelope-from kpielorz@tdx.co.uk)
Message-ID: <355F58EE.1A59667A@tdx.co.uk>
Date: Sun, 17 May 1998 22:38:54 +0100
From: Karl Pielorz <kpielorz@tdx.co.uk>
Organization: TDX
X-Mailer: Mozilla 4.05 [en] (WinNT; I)
MIME-Version: 1.0
To: MP <mlistbsd@icorp.net>
CC: freebsd-questions@FreeBSD.ORG
Subject: Re: too many open files problem
References: <3.0.1.32.19980517145521.0069e5b4@icorp.net>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

MP wrote:
> 
> Greetings,
> 
> I'm running into a problem with FreeBSD 2.2.6.
> 
> I have two Class C's on my network and recently a hacker tunnelled into the
> backbone and masqueraded under an unused IP in my subnet to do spamming.
> As a result, I opted to bind all my IP addresses - used or not, to one of
> my servers.  So I have about 400 or so IPs bound.  When I boot FBSD 2.2.6,
> everything works, but if I -HUP the nameserver, I get this in the messages
> log:
> 
> May 17 14:29:37 mysys named[1266]: starting.  named 4.9.6-REL Wed Mar 25
> 00:29:
> 44 GMT 1998     jkh@time.cdrom.com:/usr/obj/usr/src/usr.sbin/named
> May 17 14:29:37 mysys named[1266]: fcntl(dfd, F_DUPFD, 20): Too many open
> files
> May 17 14:29:37 mysys last message repeated 15 times

Hi,

How did they manage to 'masquerade' on your network? - It may be easier /
better to block that (i.e. drop sourceroutes, firewall modem users from your
own machines etc.) - than binding all the addresses...

If you look in your kernel - and see how many 'USERS' the kernel is set to,
this is the 'easy' way to increase the total number of files available... If
that's not at 256 try setting it to 256, otherwise theres a few other things
you can do - which someone else will probably suggest...

Regards,

Karl Pielorz

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message