Date: Mon, 13 Aug 2001 17:10:10 -0300
From: "Daniel C. Sobral" <daniel.sobral@tcoip.com.br>
To: Barry Irwin <bvi@devco.net>
Cc: incidents@securityfocus.org, net@freebsd.org
Subject: Re: FreeBSD NATd problems
Message-ID: <3B783422.4010201@tcoip.com.br>
References: <20010813213216.I684@itouchlabs.com>
Do you, by any chance, have a Microsoft IIS server running?

Barry Irwin wrote:
> Hi All
>
> Just wondering if anyone else has experienced the following problem:
>
> I have a number of networks running with FreeBSD firewalls providing a
> NAT service to a number of hosts behind the wall itself. Both outgoing NAT
> and port redirection are provided. This has been running stably for over a
> year. However, in the last 10 days I have had a number of these natd
> processes suddenly bloat (looking at 48 MB upwards when they normally sit
> at around 700K-1 MB). Ping times to the firewalls (in fact any packets
> passing through the natd process) are delayed; it seems to suffer a type of
> exponential decay, with the highest delay I have recorded being in the order
> of 240 seconds!
>
> At this kind of latency, network connectivity is non-existent. One of the
> first signs of an impending slowdown is that DNS starts timing out. The
> firewalls are running pretty standard martian filters (see
> draft-manning-dusa03.txt) to filter out the majority of the cruft floating
> around.
>
> This has so far impacted 4.0-RELEASE, 4.1-RELEASE as well as 4.3-STABLE.
> Reviews of tcpdumps collected once the slowdown has been noticed do not show any
> signs of strange activity. What I am wondering is, is there some new
> scanning/DoS tool which is causing natd to get its data structures in a
> knot, and thereby grow massively, in addition to the slowdown?
>
> Without having looked at the data structures in detail, it appears as though
> there is a long linked list that is getting exponentially grown, and
> thereby accounting for the increase in memory usage, as well as the massively
> increased latency caused by performing lookups in the data structure chain.
>
> So back to the question, has anyone else heard/experienced/seen this?
>
> Barry
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-net" in the body of the message

-- 
Daniel C. Sobral (8-DCS)
Daniel.Sobral@tcoip.com.br
dcs@newsguy.com
dcs@freebsd.org
capo@notorious.bsdconspiracy.net

An exotic young lady named Suki
Once danced in a troupe of kabuki
When asked for a fuck
She said, "Solly, no luck--
See here: looky looky, no nuki"
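An added monitoring check, not from the thread or from FreeBSD, that turns the symptom Barry describes (natd resident size climbing from about 1 MB to tens of MB) into something a firewall host can alert on: it parses `ps -axo pid,rss,command` output and lists natd processes above a size limit. The 8192 KB limit and the sample ps lines are assumptions constructed for this example.

```sh
#!/bin/sh
# Added example: flag natd processes whose resident set has grown far past
# the ~1 MB the poster reports as normal. Threshold is an assumption (KB).
NATD_RSS_LIMIT_KB=${NATD_RSS_LIMIT_KB:-8192}

# Constructed sample of `ps -axo pid,rss,command` output so this runs offline;
# the second natd mirrors the ~48 MB bloat described in the post.
SAMPLE_PS='  PID   RSS COMMAND
  123   812 /sbin/natd -n fxp0
  456 49152 /sbin/natd -n fxp1
  789  2048 /usr/sbin/named'

# bloated_natd LIMIT_KB  (ps output on stdin)
# Prints "pid rss" for every natd whose RSS (column 2, KB) exceeds LIMIT_KB.
bloated_natd() {
    awk -v limit="$1" '
        NR > 1 && $3 ~ /(^|\/)natd$/ && ($2 + 0) > limit { print $1, $2 }
    '
}

# count_bloated LIMIT_KB "ps text"  -> number of offending natd processes
count_bloated() {
    printf '%s\n' "$2" | bloated_natd "$1" | wc -l | tr -d ' '
}

# Live check for a FreeBSD firewall (run from cron): returns 1 and lists the
# offenders on stderr when any natd exceeds the limit, 0 otherwise.
check_live_natd() {
    offenders=$(ps -axo pid,rss,command | bloated_natd "$NATD_RSS_LIMIT_KB")
    if [ -n "$offenders" ]; then
        printf 'natd RSS over %s KB (pid rss):\n%s\n' \
            "$NATD_RSS_LIMIT_KB" "$offenders" >&2
        return 1
    fi
    return 0
}

# Offline demonstration on the constructed sample (prints "456 49152").
printf '%s\n' "$SAMPLE_PS" | bloated_natd "$NATD_RSS_LIMIT_KB"
```

Pairing the RSS check with a periodic ping through the firewall would catch the latency symptom the post describes before DNS lookups start timing out.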