Date: Thu, 2 Nov 2000 14:29:16 -0600 (CST) From: Bryan Bradsby <Bryan.Bradsby@capnet.state.tx.us> To: security@FreeBSD.ORG Subject: Re: DOS attack Message-ID: <Pine.BSF.4.21.0011021424150.26450-100000@localhost> In-Reply-To: <Pine.BSF.4.21.0011021439550.10392-100000@libertad.univalle.edu.co>
next in thread | previous in thread | raw e-mail | index | archive | help
Have you checked your squid logs for the times when server load goes too high? Just a wild guess, but you may have an open HTTP proxy, being abused by people who get paid for each click on a banner. What is the source of the squid connections? -bryan bradsby Security@capnet.state.tx.us ============================== On Thu, 2 Nov 2000, Buliwyf McGraw wrote: > > I was researching about the last incidents on the machine with the > system load problem (possible attack) ... > I get this: the service which crash the server when the problem > starts is the famous "squid". > Normal days, the squid is running without problems and the load of > the server is 0.5 (average), the required cputime for the program > is 20%. Then the world is beatiful. > But, when we have a bad day... the squid need 90% 95% 100% cputime > and the load of the server jump until crash. The interrupts are too > big in these moments. > If i quit the network cable from the server... the load dissapear and > everything is rigth, but, if i put the network cable again... booom!!! > > The problem isnt everyday, is just sometimes, somedays... few hours. > > Thanks for any comment or sugestion... ;) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0011021424150.26450-100000>