Date:      Sun, 19 Aug 2001 16:51:24 -0400
From:      Jan Knepper <jan@digitaldaemon.com>
To:        FreeBSD Hackers <hackers@freebsd.org>
Subject:   [Fwd: Re: slashdotted: /kernel: xl0: no memory for rx list -- packet dropped!]
Message-ID:  <3B8026CC.9090805@digitaldaemon.com>



Hi!

Does anyone here know what to do about this?

Thanks!
Jan



-------- Original Message --------
Date: Sat, 18 Aug 2001 11:14:12 -0500
Subject: Re: slashdotted: /kernel: xl0: no memory for rx list -- packet 
dropped!
From: "Michael C. Wu" <keichii@iteration.net>
To: Jan Knepper <jan@digitaldaemon.com>, FreeBSD ISP 
<FreeBSD-ISP@freebsd.org>
Message-ID: <B7A3FE84.F61%keichii@iteration.net>
In-Reply-To: <3B7E9205.7010604@digitaldaemon.com>



on 08/18/2001 11:04 AM, Jan Knepper at jan@digitaldaemon.com wrote:
> Last Thursday one of the sites I host got slashdotted
> (http://www.slashdot.com/) and amazingly FreeBSD 4.3 on PIII 600 MHz
> with 128 MB RAM took the load gracefully. I.e. until around 5 PM EST
> when I got messages like:

This should be a good enough system.
 
> /kernel: xl0: no memory for rx list -- packet dropped!
> 
> at the console...
> 
> So what I did is, I terminated some of the daemons that were not really
> used as a couple of httpd servers, etc. This seemed to solve the problem,
> however... When I run a netstat -na right now I get the impression that
> there is still some garbage in memory from this experience:
> 
> As:
> tcp4       0  15360  63.105.9.61.20         217.80.179.220.2822    LAST_ACK
> tcp4       0  15360  63.105.9.61.20         193.219.43.81.2591     LAST_ACK
> tcp4       0  15360  63.105.9.61.20         200.11.220.5.2535      LAST_ACK
> tcp4       0  15360  63.105.9.61.20         200.11.220.5.1736      LAST_ACK
> tcp4       0  15360  63.105.9.61.20         200.11.220.5.1735      LAST_ACK
> tcp4       0  15360  63.105.9.61.20         202.133.131.44.3651    LAST_ACK
> tcp4       0  15360  63.105.9.61.20         193.124.148.213.4486   LAST_ACK
> tcp4       0  15360  63.105.9.61.20         193.124.148.213.4338   LAST_ACK
> tcp4       0  15360  63.105.9.61.20         193.124.148.213.3452   LAST_ACK
> tcp4       0  15360  63.105.9.61.20         193.124.148.213.3449   LAST_ACK
> tcp4       0  15360  63.105.9.61.20         193.124.148.213.1825   LAST_ACK
> tcp4       0  15360  63.105.9.61.20         193.124.148.213.2922   LAST_ACK
> tcp4       0  15360  63.105.9.61.20         193.124.148.213.2390   LAST_ACK
> tcp4       0  15360  63.105.9.61.20         193.124.148.213.2310   LAST_ACK
> tcp4       0  15360  63.105.9.61.20         193.124.148.213.1598   LAST_ACK
> tcp4       0  15360  63.105.9.61.20         193.124.148.213.1597   LAST_ACK
> tcp4       0  15360  63.105.9.61.20         193.124.148.213.1556   LAST_ACK
> tcp4       0  15360  63.105.9.61.20         193.124.148.213.1553   LAST_ACK
> tcp4       0  15360  63.105.9.61.20         203.195.181.4.1440     LAST_ACK
> 
> I am sure this has been in there at least the last 24 hours and I can
> see nothing is happening. I suspect that this is because of the no
> memory for rx list, but I am not quite sure. It was kinda a cool feeling
> though that FreeBSD didn't give up, but still runs!!!

I think you might have been attacked by a well-known attack, simply named
the LAST_ACK attack.  It puts our TCP state machine into whack by not
sending the proper TCP states.  There is no way around it.
 
> Is there any way to clean this up without having to reboot the system?

I don't know. :)
-- 
keichiii@iteration.net
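
Added example, not part of the original messages: a small sh/awk helper that groups sockets in a given state from `netstat -na` output (the column layout quoted above) by foreign host and local port, showing how many are lingering and how much data is still queued in Send-Q. The function names and the sample lines, which use documentation addresses, are constructed for illustration.

```shell
#!/bin/sh
# Input: `netstat -na` output on stdin, BSD layout:
#   Proto Recv-Q Send-Q Local-Address Foreign-Address (state)
# Output: "count total_sendq_bytes foreign_ip local_port", busiest peer first.
stuck_by_peer() {
    state="${1:-LAST_ACK}"
    awk -v want="$state" '
        $1 ~ /^tcp/ && $NF == want {
            # BSD netstat joins address and port with a dot.
            fip = $5;   sub(/\.[0-9]+$/, "", fip)    # strip the foreign port
            lport = $4; sub(/^.*\./, "", lport)      # keep only the local port
            key = fip " " lport
            n[key]++          # sockets from this peer to this local port
            q[key] += $3      # bytes still waiting in Send-Q
        }
        END { for (k in n) print n[k], q[k], k }
    ' | sort -k1,1nr -k3,3
}

# Total number of TCP sockets currently in the given state.
count_state() {
    awk -v want="${1:-LAST_ACK}" '$1 ~ /^tcp/ && $NF == want { c++ } END { print c + 0 }'
}

# Constructed sample input (not taken from the thread).
SAMPLE='tcp4       0  15360  192.0.2.10.20          198.51.100.7.2535      LAST_ACK
tcp4       0  15360  192.0.2.10.20          198.51.100.7.1736      LAST_ACK
tcp4       0  15360  192.0.2.10.20          198.51.100.7.1735      LAST_ACK
tcp4       0  15360  192.0.2.10.20          203.0.113.9.1440       LAST_ACK
tcp4       0      0  192.0.2.10.80          203.0.113.9.4021       ESTABLISHED
tcp4       0      0  *.80                   *.*                    LISTEN'

printf '%s\n' "$SAMPLE" | stuck_by_peer LAST_ACK
```

On a live host the input would be `netstat -na | stuck_by_peer LAST_ACK`; comparing two runs taken some minutes apart shows whether the same peers stay in the list.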







