From owner-freebsd-questions@FreeBSD.ORG Wed Jan 10 15:31:05 2007 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 4A02816A412 for ; Wed, 10 Jan 2007 15:31:05 +0000 (UTC) (envelope-from freebsd-questions@m.gmane.org) Received: from ciao.gmane.org (main.gmane.org [80.91.229.2]) by mx1.freebsd.org (Postfix) with ESMTP id 0CD9413C442 for ; Wed, 10 Jan 2007 15:31:04 +0000 (UTC) (envelope-from freebsd-questions@m.gmane.org) Received: from list by ciao.gmane.org with local (Exim 4.43) id 1H4fPd-0006S3-UG for freebsd-questions@freebsd.org; Wed, 10 Jan 2007 16:30:49 +0100 Received: from lara.cc.fer.hr ([161.53.72.113]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Wed, 10 Jan 2007 16:30:49 +0100 Received: from ivoras by lara.cc.fer.hr with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Wed, 10 Jan 2007 16:30:49 +0100 X-Injected-Via-Gmane: http://gmane.org/ To: freebsd-questions@freebsd.org From: Ivan Voras Date: Wed, 10 Jan 2007 16:30:31 +0100 Lines: 23 Message-ID: References: <45A4FDDA.8040909@skoberne.net> Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Complaints-To: usenet@sea.gmane.org X-Gmane-NNTP-Posting-Host: lara.cc.fer.hr User-Agent: Thunderbird 1.5.0.4 (X11/20060625) In-Reply-To: <45A4FDDA.8040909@skoberne.net> Sender: news Subject: Re: Simple DoS X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 10 Jan 2007 15:31:05 -0000 Nejc Škoberne wrote: > Hello, > > yesterday one of our clients did something interesting (stupid): they > connected both ends of an UTP cable to the same switch, to which our > FreeBSD server was also connected. The server was immediately completely > unresponsive from yesterday evening until this morning, when our tech > guy went there to see what the problem was. Even when they rebooted > the FreeBSD machine, it wouldn't boot normally - disk I/O was very > busy and everything was happening unusably slow. After the disconnect > from that switch, everything went back to normal. > > Any ideas how to prevent such situations in the future? (I would like > to do it on the server side, not on the "user side".) First you need to identify what really happened. The story as you tell it has much unknown. What does the server do? Is it forwarding packets so they got stuck in a loop? High disk I/O suggests you have firewall enabled with logging, so every discarded (?) packet generated a log message. If you're using syslog you can tell it not to sync after every message and thus lower the I/O load. If you don't need to inspect the logs, disable the logging.