Date:      Thu, 02 Nov 2000 16:27:55 -0700
From:      Colin Faber <cfaber@fpsn.net>
To:        Buliwyf McGraw <buliwyf@libertad.univalle.edu.co>
Cc:        security@FreeBSD.ORG
Subject:   Re: DOS attack II
Message-ID:  <3A01F87B.9E31FA26@fpsn.net>
References:  <Pine.BSF.4.21.0011021753550.20146-100000@libertad.univalle.edu.co>

Sounds like someone tried to ping flood you.

Buliwyf McGraw wrote:

> > Have you checked your squid logs for the times when server load goes too
> > high?
>
>   It was the first thing we did... but there is nothing different
>   or strange in the logs... I checked /var/log/messages and the squid
>   logs... the only special thing was what I told you:
>                 "icmp_request bandwidth limit 105/100 pps"
>   Nothing more.
>
> > Just a wild guess, but you may have an open HTTP proxy, being abused by
> > people who get paid for each click on a banner.
>
>   The proxy isn't open. It is only for my domain... the problem may be
>   that we have many users... but anyway, the proxy was working well until
>   some weeks ago.
>
> > What is the source of the squid connections?
>
>   Only my intranet makes the requests. The Internet gives us the answers.
>
>   The next time, when the problems come back, I am going to use tcpdump to
>   check what is coming to the interface... I will use ttt to see which
>   protocol has the most load in the segment... and then I expect to get
>   something about the problem.
>
>   Thanks for any comment...
>
>
> > On Thu, 2 Nov 2000, Buliwyf McGraw wrote:
> >
> > >
> > >  I was researching the last incidents on the machine with the
> > >  system load problem (possible attack) ...
> > >  I get this: the service which crashes the server when the problem
> > >  starts is the famous "squid".
> > >  On normal days, squid is running without problems and the load of
> > >  the server is 0.5 (average), the required cputime for the program
> > >  is 20%. Then the world is beautiful.
> > >  But, when we have a bad day... squid needs 90% 95% 100% cputime
> > >  and the load of the server jumps until it crashes. The interrupts are
> > >  too big in these moments.
> > >  If I pull the network cable from the server... the load disappears and
> > >  everything is right, but, if I put the network cable in again... booom!!!
> > >
> > >  The problem isn't every day, it is just sometimes, some days... a few hours.
> > >
> > >  Thanks for any comment or suggestion... ;)
> >
>
> =======================================================================
>  Buliwyf McGraw
>  Administrator of the Libertad Server
>  Centro de Servicios de Informacion
>  Universidad del Valle
> =======================================================================
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
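
Added example, not part of the thread: a small Python script that tallies the rate-limiter message quoted above by minute, so the busy periods can be lined up with the tcpdump capture planned for the next incident. The log lines, hostname and syslog prefix are constructed for illustration; only the message wording comes from the thread.

```python
import re
from collections import OrderedDict

# Constructed sample in a classic BSD syslog layout (assumption); the message
# text follows the line quoted in the thread.
SAMPLE_LOG = """\
Nov  2 15:58:01 proxy /kernel: icmp_request bandwidth limit 105/100 pps
Nov  2 15:58:02 proxy /kernel: icmp_request bandwidth limit 240/100 pps
Nov  2 15:58:40 proxy squid[211]: constructed unrelated line
Nov  2 15:59:10 proxy /kernel: icmp_request bandwidth limit 131/100 pps
Nov  2 16:20:05 proxy /kernel: icmp_request bandwidth limit 102/100 pps
"""

# Group 1: timestamp truncated to the minute; groups 2/3: observed/limit in
# packets per second. "icmp[-_]\w+" tolerates variants of the message prefix.
LINE_RE = re.compile(
    r"^(\w{3}\s+\d{1,2} \d{2}:\d{2}):\d{2} \S+ .*?"
    r"icmp[-_]\w+ bandwidth limit (\d+)/(\d+) pps"
)

def summarize(log_text):
    """Return {minute: {"hits", "peak_pps", "limit"}} for limiter messages."""
    minutes = OrderedDict()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m is None:
            continue  # not a rate-limiter message
        minute, seen, limit = m.group(1), int(m.group(2)), int(m.group(3))
        entry = minutes.setdefault(
            minute, {"hits": 0, "peak_pps": 0, "limit": limit})
        entry["hits"] += 1
        entry["peak_pps"] = max(entry["peak_pps"], seen)
    return minutes

def worst_minute(minutes):
    """Minute with the highest observed rate, or None if there were no hits."""
    if not minutes:
        return None
    return max(minutes, key=lambda k: minutes[k]["peak_pps"])

if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG)
    for minute, e in summary.items():
        print(f"{minute}  hits={e['hits']}  peak={e['peak_pps']}/{e['limit']} pps")
    print("worst minute:", worst_minute(summary))
```
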


