Date: Wed, 17 Nov 2004 19:31:56 -0800 From: Kris Kennaway <kris@obsecurity.org> To: Doug White <dwhite@gumbysoft.com> Cc: simon@FreeBSD.org Subject: Re: sshd stops accepting connections Message-ID: <20041118033156.GA37856@xor.obsecurity.org> In-Reply-To: <20041117191632.Y29048@carver.gumbysoft.com> References: <000401c4c95a$e6287ff0$e001a8c0@p4> <20041117191632.Y29048@carver.gumbysoft.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--pWyiEgJYm5f9v55/ Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Nov 17, 2004 at 07:19:21PM -0800, Doug White wrote: > This is the kicker -- sshd couldn't fork because somethnig went berzerk. >=20 > > Nov 11 13:49:54 www kernel: Limiting closed port RST response from 212 = to > > 200 packets/sec >=20 > This looks a lot like a SYN flood on some daemon that fork()s each > connection but doesn't have any limits. >=20 > The disk error could certainly be related, although I'm not sure > why it would cause something to spike up and hit maxproc. Often the processes running on the machine will block while waiting for the disk to time out (i.e. if they're also attempting to use the disk, typical for a webserver) ..if the machine is reasonably busy, there could be a lot of pending connections that are suddenly processed when the drive resets. Kris --pWyiEgJYm5f9v55/ Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (FreeBSD) iD8DBQFBnBesWry0BWjoQKURAiYqAKC0o7ctcIT9Ys66D94sAyWQwpnn6ACgrRNA X2BUkU/wOMnw88l3Fq6KXFM= =HeXz -----END PGP SIGNATURE----- --pWyiEgJYm5f9v55/--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20041118033156.GA37856>